Hi, I have a problem in using the openssl with Netscape Certificate Server. I am using a certficate generated by the Netscape Certificate Server(residing in regionally different location machine) to run my server developed using openssl library. The server certificate got from Netscape certificate Server is of PKCS12 format. Since i am using the functions like SSL_CTX_use_certificate_file, SSL_CTX_use_RSAPrivateKey_file which uses the PEM_FILETYPE as third parameter, i had to convert PKCS12 format certificate file to PEM format file since one of our application is using PKCS12 format only: openssl -in test.p12 -out newfile.pem Here are the contents of the newfile.pem after convertion. -------------------Contents of newfile.pem------------------------------- Bag Attributes friendlyName: TradeView-Asia's Credit Suisse First Boston ID localKeyID: E1 FF 90 4B EA 9B 20 A7 0A 62 39 0C DA 90 4C B9 4B DC A4 D6 Key Attributes: <No Attributes> -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,AF3D450EB53340C7 0E1f83C6uR+CvdyDS12k/2MDbyxf29oyJY0+uRyvK2NlvIFfj1Bly4s2soRsw2pO HR/xgXBj/13sOAgDgKjvvMtftdys2XypvVXc+5ZKho5j0T1PNwnfLLdt24dnUymL VPyWQpcSJw4hz0xBKB6DKYx9wJAnPm/loLQ/MNRVEEu/G1Ax9kWYkKz15TRvBoix tVpMViMKhzVerGtmivvaLVNJvwHbRLIdLOh/y4Qif0+2uRk6+X8d6bB1p2Uuc/1m ZJR88IBfW8QOxWukHdgYi4l8p+A1RZKijvEqWM+XxCVpCd2S2HbECQ2k1uwyPn7D RW17VV9fRmvTKaMZMSb14IXB77s1jKTMFrSKDOsQmddGktdrrX0jFHMGsRCcGTfb 4QCNf11eCGp8u5sjUfWfJGtJ9uHxck8VudiNoOgU6Z3yLyUWRjYhWXTVQm8/OoW+ E65TmZ8Vo1I5J9zjoZmhRQS5NaQQiiALpxzN/A++c1dGUoRzFJbxHKjHyilTW3h+ ooKzkv+GmvKf6QF3ToDbmM+Do575jqkahWErMrtUm4zRSVntk5Hgqw4FmYCa2Zg6 C6rKYqO+h0GnJ14bE2/eip7qc0fQ5pS6WSmy6uei0HrRmHWQsgyn+8Ss2AgZ/uT7 E2g02pX4/FPciVMztyBh2J4jw+2fOrExhUnox++WEjFwr67kB4Kfygb4ADBqK0bz CABTCATTM/0rnov/59TyKUDbaPPl9bc3J/6iybDgoOTe6IVwb19JcW5RlrgFGn0R joLIWhcNqlPHhSSeQ/NoJbNg7f6NPyq5xcbb+8Lc59M= -----END RSA PRIVATE KEY----- Bag Attributes: <Empty Attributes> subject=/C=UK/O=Credit Suisse First Boston/OU=GWS Europe CA issuer= /C=UK/O=Credit Suisse First Boston/OU=GWS Europe CA -----BEGIN CERTIFICATE----- MIICTDCCAbWgAwIBAgIBATANBgkqhkiG9w0BAQQFADBKMQswCQYDVQQGEwJVSzEj MCEGA1UEChMaQ3JlZGl0IFN1aXNzZSBGaXJzdCBCb3N0b24xFjAUBgNVBAsTDUdX UyBFdXJvcGUgQ0EwHhcNOTkwNTIwMTUyNzA2WhcNMDEwNTE5MTUyNzA2WjBKMQsw CQYDVQQGEwJVSzEjMCEGA1UEChMaQ3JlZGl0IFN1aXNzZSBGaXJzdCBCb3N0b24x FjAUBgNVBAsTDUdXUyBFdXJvcGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ AoGBAOjLGUhMrE49ARCwNS0fYyg2/rm0aHgEPXDuMPUmAry4F/eacTCS6QaA53Kr B8kF7IFodGaKtECA78NQGz6G7AIFqdsdlGdYE0xvN3PJT3aLqEsA6DGA7+uFRscJ 2JQh24/AqIcupCkIJqjleTa/QW4MBJ7VQJ2Z8Q4G18YRNneDAgMBAAGjQjBAMB0G A1UdDgQWBBTOZUMmvxc7B+wOiSEUv+DgmsKgtDAfBgNVHSMEGDAWgBTOZUMmvxc7 B+wOiSEUv+DgmsKgtDANBgkqhkiG9w0BAQQFAAOBgQCmx83aiy4Btyc+36d6q5nB HeGBa4PDNsPAibHSsQAEt8KImlI+zJDXDxoJPhGGnCFl8NXjfEEAdUFu3lXM6FxE kib+IuM+Rnj/ry9UIIv3InqNg/EDVJLRKIXEdTKoNPNCbfHWjZ35CUG2fw3J+ooc lwOKORJlNmZM43tO2JZo/w== -----END CERTIFICATE----- Bag Attributes friendlyName: TradeView-Asia's Credit Suisse First Boston ID localKeyID: E1 FF 90 4B EA 9B 20 A7 0A 62 39 0C DA 90 4C B9 4B DC A4 D6 subject=/C=AU/O=CSFB/OU=Equities/0.9.2342.19200300.100.1.1=TradeView-Asia/CN =TradeView-Asia/Email=jamie.jones@csf b.com issuer= /C=UK/O=Credit Suisse First Boston/OU=GWS Europe CA -----BEGIN CERTIFICATE----- MIIChDCCAe2gAwIBAgIBCjANBgkqhkiG9w0BAQQFADBKMQswCQYDVQQGEwJVSzEj MCEGA1UEChMaQ3JlZGl0IFN1aXNzZSBGaXJzdCBCb3N0b24xFjAUBgNVBAsTDUdX UyBFdXJvcGUgQ0EwHhcNOTkwOTIyMDE0NDQ5WhcNMDEwMzE1MDE0NDQ5WjCBjTEL MAkGA1UEBhMCQVUxDTALBgNVBAoTBENTRkIxETAPBgNVBAsTCEVxdWl0aWVzMR4w HAYKCZImiZPyLGQBARMOVHJhZGVWaWV3LUFzaWExFzAVBgNVBAMTDlRyYWRlVmll dy1Bc2lhMSMwIQYJKoZIhvcNAQkBFhRqYW1pZS5qb25lc0Bjc2ZiLmNvbTCBnzAN BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvlLokNj12ayJ7mAcok+tAnlM9m3X3aTw j7d42wZD1J/FSXUmcP6J8Pg2RxhZb5HYdxY/JSGsedPpCXXmi5JNJpD+CBBNh/3J JIeHE+4D6Hfz6J5Iey/Y7D/nVo+ut/z4vP92Ldb3J99L5rgCjayrdBsDvw18/wki 3DLiuh0unvkCAwEAAaM2MDQwEQYJYIZIAYb4QgEBBAQDAgBAMB8GA1UdIwQYMBaA FM5lQya/FzsH7A6JIRS/4OCawqC0MA0GCSqGSIb3DQEBBAUAA4GBAGneaBep46xn u3xgINncvXHZuacKT9GBwTySWnr+QrpN0Mw835If+USWiNInsgZF2yrPoMxZb8pj /Tbf+iVa2JNFGwOYQbGw+LoGWJAg0fsp+nf1zjBEDSm4MiijknNB7gTdstFLBUVY P2kkRxXuTtqx5A/LTZHM1TiphC1ZCdt8 -----END CERTIFICATE----- -------------------------End of newfile.pem--------------------------------- When using this newfile.pem, i got the following error: SSL_CTX_use_RSAPrivateKey_file: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch So i just copied the contents of issuer,Public Key etc from Netscape Certificate Server( by getting the details of that certificate). It worked fine. -------------------Now the contents of newfile.pem------------------- -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,1A70995C43F45106 ZWP3mAIVB3Yf67AwjHB3vtCVmTqJrmJANyYZcUXZT/CSo8CIFF/s5FXoownT/UCq sIVIQ6tQu1jYVlYmiLbGf150Kk54xw/yMbiYOVtoqrqn+Xk0I2Sg+qXmuK7fa25a ttmsDJ8YWTdXbXE5jql/DsBik20MdYP686K6ShHoouh2i+tIhwkhTMtRA3XRrb40 SLMv7YoHR54KSeZMUpND9HvY5EC79+yyiCVGfbwbKRwHIWNoolpi9mtkt3ZimxUt ccqsYwXn2/gzN8UBQsLcOgEWpW2ucgkGT0ZmZihRVwdah9LUY+jKBTokMNr3udJs DulnGfjGBgJ+BLoGIWGIsf/PF0ltD5Y2G6u8dn9lC43pEn4OKpzwG1/9lUZmjgNp DqOhI04mT4U/MDGvzE/StvbrmSkn0FsrxPO70NptNzpMQNcwqSVVuHTeVW9vG/Mk upi/vhl4FI6RCmbxU5wEnKM1kgCMtp8TnxVZjvo8kUKLwGXr3CQq5sCuwlderNkK b4M+mQ4LlzkULv0kaYurnXSXMV3woC9uY1PdDPmbRZdKc1zuvWUQlU3bMwNSZx7V 43NDQ946OFTWj5SkNJi83hYJzptFftz6gQse6FemkE1bCskKpPt7Eeux/M5+ekWO ixIm8cu1ujpMqLILQxynvG4hp7JREj6/ZSKzy/ci/BvKLt4UdBrPiOfzeZLOFo09 liL6ZyinirvvKf1KBdHhqAaaInwadrPs+GwXA0L+ID0yIT52kzJMxpHsg9zfg7bp V5kwgFpCRyTvA0ymSNBMk1nXujr9j0zsf0u3MMbI/LQ= -----END RSA PRIVATE KEY----- Bag Attributes friendlyName: TradeView-Asia's Credit Suisse First Boston ID localKeyID: E1 FF 90 4B EA 9B 20 A7 0A 62 39 0C DA 90 4C B9 4B DC A4 D6 subject=/C=AU/O=CSFB/OU=Equities/0.9.2342.19200300.100.1.1=TradeView-Asia/CN =TradeView-Asia/Email=jamie.jones@csf b.com issuer= /C=UK/O=Credit Suisse First Boston/OU=GWS Europe CA serial :10 Certificate: Data: Version: v3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: PKCS #1 MD5 With RSA Encryption Issuer: OU=GWS Europe CA, O=Credit Suisse First Boston, C=UK Validity: Not Before: Wed Sep 22 02:44:49 1999 Not After: Thu Mar 15 01:44:49 2001 Subject: [EMAIL PROTECTED], CN=TradeView-Asia, UID=TradeView-Asia, OU=Equities, O=CSFB, C=AU Subject Public Key Info: Algorithm: PKCS #1 RSA Encryption Public Key: Modulus: 00:be:52:e8:90:d8:f5:d9:ac:89:ee:60:1c:a2:4f:ad:02:79: 4c:f6:6d:d7:dd:a4:f0:8f:b7:78:db:06:43:d4:9f:c5:49:75: 26:70:fe:89:f0:f8:36:47:18:59:6f:91:d8:77:16:3f:25:21: ac:79:d3:e9:09:75:e6:8b:92:4d:26:90:fe:08:10:4d:87:fd: c9:24:87:87:13:ee:03:e8:77:f3:e8:9e:48:7b:2f:d8:ec:3f: e7:56:8f:ae:b7:fc:f8:bc:ff:76:2d:d6:f7:27:df:4b:e6:b8: 02:8d:ac:ab:74:1b:03:bf:0d:7c:ff:09:22:dc:32:e2:ba:1d: 2e:9e:f9 Public Exponent: 65537 (0x10001) Extensions: Identifier: Certificate Type Critical: no Certified Usage: SSL Server Identifier: Authority Key Identifier Critical: no Key Identifier: ce:65:43:26:bf:17:3b:07:ec:0e:89:21:14:bf:e0:e0:9a:c2: a0:b4 Signature: Algorithm: PKCS #1 MD5 With RSA Encryption Signature: 69:de:68:17:a9:e3:ac:67:bb:7c:60:20:d9:dc:bd:71:d9:b9:a7:0a:4f: d1:81:c1:3c:92:5a:7a:fe:42:ba:4d:d0:cc:3c:df:92:1f:f9:44:96:88: d2:27:b2:06:45:db:2a:cf:a0:cc:59:6f:ca:63:fd:36:df:fa:25:5a:d8: 93:45:1b:03:98:41:b1:b0:f8:ba:06:58:90:20:d1:fb:29:fa:77:f5:ce: 30:44:0d:29:b8:32:28:a3:92:73:41:ee:04:dd:b2:d1:4b:05:45:58:3f: 69:24:47:15:ee:4e:da:b1:e4:0f:cb:4d:91:cc:d5:38:a9:84:2d:59:09: db:7c -----BEGIN CERTIFICATE----- MIIChDCCAe2gAwIBAgIBCjANBgkqhkiG9w0BAQQFADBKMQswCQYDVQQGEwJVSzEj MCEGA1UEChMaQ3JlZGl0IFN1aXNzZSBGaXJzdCBCb3N0b24xFjAUBgNVBAsTDUdX UyBFdXJvcGUgQ0EwHhcNOTkwOTIyMDE0NDQ5WhcNMDEwMzE1MDE0NDQ5WjCBjTEL MAkGA1UEBhMCQVUxDTALBgNVBAoTBENTRkIxETAPBgNVBAsTCEVxdWl0aWVzMR4w HAYKCZImiZPyLGQBARMOVHJhZGVWaWV3LUFzaWExFzAVBgNVBAMTDlRyYWRlVmll dy1Bc2lhMSMwIQYJKoZIhvcNAQkBFhRqYW1pZS5qb25lc0Bjc2ZiLmNvbTCBnzAN BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvlLokNj12ayJ7mAcok+tAnlM9m3X3aTw j7d42wZD1J/FSXUmcP6J8Pg2RxhZb5HYdxY/JSGsedPpCXXmi5JNJpD+CBBNh/3J JIeHE+4D6Hfz6J5Iey/Y7D/nVo+ut/z4vP92Ldb3J99L5rgCjayrdBsDvw18/wki 3DLiuh0unvkCAwEAAaM2MDQwEQYJYIZIAYb4QgEBBAQDAgBAMB8GA1UdIwQYMBaA FM5lQya/FzsH7A6JIRS/4OCawqC0MA0GCSqGSIb3DQEBBAUAA4GBAGneaBep46xn u3xgINncvXHZuacKT9GBwTySWnr+QrpN0Mw835If+USWiNInsgZF2yrPoMxZb8pj /Tbf+iVa2JNFGwOYQbGw+LoGWJAg0fsp+nf1zjBEDSm4MiijknNB7gTdstFLBUVY P2kkRxXuTtqx5A/LTZHM1TiphC1ZCdt8 -----END CERTIFICATE----- -------------------------End of newfile.pem--------------------------------- Then i am getting the following errors: VERIFY ERROR: depth=0 error=unable to get local issuer certificate: /C=AU/O=CSFB/OU=Equities/0.9.2342.19200300.100.1.1=TradeView-Asia/CN=TradeVi [EMAIL PROTECTED] SSL_accept : error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned I think After getting the client certificate, it does the verification against the CA which it loads from the file /demoCA/cacert.pem Since i am using the CA as Netscape Certificate Server (residing in some other regionally different machine), I do not know to where i should point this /demoCA/cacert.pem file and also what should be the contents. I am not sure whether this is the cause for the above errors. Please can anyone help me out in this as early as possible. Thanks in advance. Hope to get earliest reply. Ravi Srinvas M E-mail : [EMAIL PROTECTED] Voice mail : +81 3 5404 9592 Fax : +81-3-5473-4441 CREDIT | FIRST SUISSE | BOSTON Credit Suisse First Boston (Japan) Limited 5th Floor Shiroyama Hills, 4-3-1 Toranomon, Minato-ku, Tokyo 105-6002 JAPAN This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. CREDIT SUISSE GROUP and each of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]