Hello Denis,

Babineau, Denis wrote:
I need to implement a client side certificate model for SSL, specifically, the client side (the server side is developed by another party to which I won't have access until the end of the implementation). The Key exchange algo. used will be RSA and the encryption used will be 3-DES.

I assume you want to:
Use SSL communication with:
* Server uses RSA key to authenticate.
* Client uses some key to authenticate.

Can someone explain to me how this would be accomplished and which peer would need what? (am I correct to assume that the server will only need the public key and the client will only need the matching digital certificate?)

You need:

Server:
* own private key
* own certificate
* CA certificates that issue client certificates
* optional, but good: own CA certificate chain

Client:
* own private key
* own certificate
* CA certificate that issued server certificate

Client side:
If you only have this key / certificate,
you can set it with:
SSL_CTX_use_PrivateKey...()
SSL_CTX_use_certificate...()

You set the CA file to verify the peer with:
SSL_CTX_load_verify_locations()

Do the SSL and be happy...


Bye

Goetz

--
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126
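
Added example, not part of the original message: the "which peer needs what" list above, written with Python's `ssl` module, which wraps OpenSSL (`load_cert_chain` and `load_verify_locations` correspond to the `SSL_CTX_use_certificate...()` / `SSL_CTX_use_PrivateKey...()` and `SSL_CTX_load_verify_locations()` calls named in the reply). The function names and all file paths passed in are assumptions for illustration.

```python
import ssl

def new_context(role):
    """Create a context with the verification policy for one side of mutual TLS."""
    if role == "client":
        # PROTOCOL_TLS_CLIENT already requires a valid server certificate
        # and checks that it matches the host name.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    elif role == "server":
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        # Servers default to CERT_NONE: without this line no client
        # certificate is requested and any client can connect.
        ctx.verify_mode = ssl.CERT_REQUIRED
    else:
        raise ValueError("role must be 'client' or 'server'")
    return ctx

def load_material(ctx, own_cert, own_key, peer_ca):
    """Load this side's identity and the CA used to verify the other side."""
    # Own certificate (optionally followed by its chain) and the matching
    # private key; a key that does not belong to the certificate is rejected.
    ctx.load_cert_chain(certfile=own_cert, keyfile=own_key)
    # CA certificate(s) that issued the peer's certificate.
    ctx.load_verify_locations(cafile=peer_ca)
    return ctx

def client_context(client_cert, client_key, server_ca):
    """Client: own key, own certificate, CA that issued the server certificate."""
    return load_material(new_context("client"), client_cert, client_key, server_ca)

def server_context(server_cert, server_key, client_ca):
    """Server: own key, own certificate, CA that issues client certificates."""
    return load_material(new_context("server"), server_cert, server_key, client_ca)

if __name__ == "__main__":
    # Show the policy each side ends up with; no key files are needed for this.
    for role in ("client", "server"):
        ctx = new_context(role)
        print(role, ctx.verify_mode.name, "check_hostname =", ctx.check_hostname)
```

Loading fails with an `OSError` (or its subclass `ssl.SSLError`) when a file is missing or the key does not match the certificate, so a misconfigured peer is caught before any connection is attempted.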
