Is this the right list for this question?
This is the right place, but if you don't get an answer here, I would try the OpenSSL users list, as there might be some more experience working with the PKCS12 cert format there, and the associated problems when taking a certificated loaded into Netscape 7.1.
You can find the OpenSSL users list at http://www.openssl.org/support/
Regards,
Josh
________________________________________________________________________ Josh Chamas, Founder | NodeWorks - http://www.nodeworks.com Chamas Enterprises Inc. | NodeWorks Directory - http://dir.nodeworks.com http://www.chamas.com | Apache::ASP - http://www.apache-asp.org
Sean Evans wrote on 4/5/2004, 9:22 AM:
> Good day to everyone, > > I need to scrape some data from an HTTPS site that requires client > certificates for authentication. I am able to access the site with a > certificate loaded in Netscape 7.1, so I exported the certificate (there > are two actually, one for encrypting and one for signing, not sure if > this matters) to PKCS12 and tried the following: > > __BEGIN__ > use strict; > use LWP::UserAgent; > # DEBUGGING SWITCH / LOW LEVEL SSL DIAGNOSTICS > $ENV{HTTPS_DEBUG} = 1; > # DEFAULT SSL VERSION > $ENV{HTTPS_VERSION} = '3'; > > # CLIENT PKCS12 CERT SUPPORT > $ENV{HTTPS_PKCS12_FILE} = 'test.p12'; > $ENV{HTTPS_PKCS12_PASSWORD} = 'password'; > > my $ua = new LWP::UserAgent; > my $req = new HTTP::Request('GET', 'https://example.com'); > my $res = $ua->request($req); > print $res->status_line."\n"; > __END__ > > Here's the debug output I get: > > __BEGIN__ > SSL_connect:before/connect initialization > SSL_connect:SSLv3 write client hello A > SSL_connect:SSLv3 read server hello A > SSL_connect:SSLv3 read server certificate A > SSL_connect:SSLv3 read server done A > SSL_connect:SSLv3 write client key exchange A > SSL_connect:SSLv3 write change cipher spec A > SSL_connect:SSLv3 write finished A > SSL_connect:SSLv3 flush data > SSL_connect:SSLv3 read finished A > SSL_connect:SSL renegotiate ciphers > SSL_connect:SSLv3 write client hello A > SSL_connect:SSLv3 read server hello A > SSL_connect:SSLv3 read server certificate A > SSL_connect:SSLv3 read server certificate request A > SSL_connect:SSLv3 read server done A > SSL_connect:SSLv3 write client certificate A > SSL_connect:SSLv3 write client key exchange A > SSL_connect:SSLv3 write certificate verify A > SSL_connect:SSLv3 write change cipher spec A > SSL_connect:SSLv3 write finished A > SSL_connect:SSLv3 flush data > SSL3 alert read:fatal:certificate unknown > SSL_connect:failed in SSLv3 read finished A > 500 read failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert > certificate unknown | error:140940E5:SSL routines:SSL3_READ_BYTES:ssl > handshake failure > __END__ > > > I'm running on ActiveState 5.8 using Crypt::SSLeay from theoryx5. Could > anyone tell me what I'm doing wrong? > > -- > Sean Evans >
