Hello, > I'm trying to automate a test against a server with client authentication. > I created a self signed certificate, put it into the servers key database and > imported it into a browsers key store (e.g. M$IE cert store). Everything's > fine > - I'm able to sign on against the server. > > So far, so good... > > Unfortunately with OpenSSL-CLI (0.9.7j) I'm only getting errors: > > openssl s_client -key mycert.pem -cert suntest07.cer -connect suntest07:460 > > unable to get private key from 'mycert.pem' > 27461:error:0B080074:x509 certificate routines:X509_check_private_key:key > values > mismatch:x509_cmp.c:411 > > > suntest07.cer contains the (also selfsigned) x.509-Cert of the server, > mycert.pem contains my private key and certificate. Private key is read from file specified with -key option (but not cert), key certificate is read from file with -cert option (and private key if -key not specified). After that public part of private key is checked with signed public part of certificate from -cert file - they must match. In this case public part of private key from mycert.pem do not match public part of certificate from suntest07.cer. Probably, you do something like:
openssl s_client -cert mycert.pem -connect suntest07:460 and this should work (provided that mycert.pem has private key and certificate). Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]