What you are asking for does not make sense. The point of the client cert is to establish the identify of the client. If the server bootstraps this, ANY client can connect and receive the identity.
Now, what you MAY want to do is authenticate via a different mechanism (say account and password on a secure web server), and have it push the client cert to you. -----Original Message----- From: owner-openssl-us...@openssl.org on behalf of Bryan Boone Sent: Mon 7/26/2010 12:55 PM To: openssl-users@openssl.org Subject: Simple question about SSL certs Hi everyone, I am a noob when it comes to SSL and I have an easy question but I don't have the time to look up the answer myself. I am trying to write an LDAP client. I need this client to use SSL as well. I am using the openldap server and C libraries. Here is what the openldap web page says... OpenLDAP clients and servers are capable of using the Transport Layer Security (TLS) framework to provide integrity and confidentiality protections and to support LDAP authentication using the SASL EXTERNAL mechanism. TLS is defined in RFC4346. I would like to write an LDAP client that when a user connects to an LDAP server with SSL, that the client cert is automatically downloaded to the client. Then a prompt asks the client to accept or reject the cert. Is this possible when using the OpenSSL C libraries? thanks