md5 wrote:
>
> Hello,
>
> I'm trying to figure out how to get s_client to present a client side
> certificate when requested by and IIS web server.
>
> so i believe the following syntax should work:
>
> OpenSSL>s_client -cert myCert.cer -key myPriv.key -connect
> www.host.com:443
>
> My problem is how to get the private key belonging to a certificate into
> PEM (base 64?) format. I can export a PKCS#12 object from netscape and
> import it into OpenSSL using the:
>
> OpenSSL>pkcs12 -in myP12.p12
>
> .. command. So now, I believe i need to issue a command that takes the
> p12 object and extracts the private key in PEM format to a file that I can
> use with s_client.
>
> Am I close?
>
Fairly close :-)
openssl pkcs12 -in myP12.p12 -out clcert.pem -clcerts
openssl pkcs12 -in myP12.p12 -out cacerts.pem -cacerts -nokeys
This will pull the necessary private key, user certificate and CA
certificate(s) into separate files.
Then:
openssl s_client -cert clcert.pem -CAfile cacerts.pem ...
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]