Hello everyone, Does anyone has a working example of a client code that uses client certificates and sends post requests prefferably in C++? I wrote some code that works just fine when a server doesn't requires a client cert, but when a server is set to require them, I started to get error 403.7 I wrote my code on solaris with openssl 0.9.6. I connect to IIS server on NT. I got client certificate from equifax and I was able to verify that it's valid by posting from netscape and using s_client utility. So the problem is somewhere in my code. So that's why I'd like to see some examples of how others where able to deal with client certs to compare with what I'm doing. It would also be great if someone would be able to see if there is naything wrong in the way I handle certs: Here is how I set cert in the CTX. Latter on when I need to do a connection, I open ssl session and use SSL_read/write to talk to the server. I don't use BIO (should I?) void SSL_ContextWrapper::importCertFromFiles(const char* priv, const char* cert, int type) //type is PEM throw (SSL_exception) { int err = 0; char errorBuff[128]; SSL_CTX_set_options(ctx,SSL_OP_ALL); err = SSL_CTX_use_certificate_file(ctx, cert, type); if (err != 1) throw SSL_exception(LOCATION, err, VARconcat("Unable to get the cert %s", ERR_error_string(ERR_get_error(), errorBuff))); err = SSL_CTX_use_PrivateKey_file(ctx, priv, type); if (err != 1) throw SSL_exception(LOCATION, err, VARconcat("Unable to get private key <%s>", ERR_error_string(ERR_get_error(), errorBuff))); if (!SSL_CTX_check_private_key(ctx)) throw SSL_exception(LOCATION, err, VARconcat("Unable to get private key <%s>", ERR_error_string(ERR_get_error(), errorBuff))); err = SSL_CTX_load_verify_locations(ctx, cert, "/export/home/openssl/openssl-0.9.6/certs"); if (err != 1) throw SSL_exception(LOCATION, err, VARconcat("Unable to load root cert <%s>", ERR_error_string(ERR_get_error(), errorBuff))); } thanks a lot, --Alex ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]