>> 8. Now, I want to load the certificate into the same SSL Context.
>> At first I tried using the simple-
>> ENGINE_load_ssl_client_cert()
>> on the certificate file generated earlier, but that failed. I can
>> understand why- the certificate is encrypted (self-signed).
>> So it seems like the function that I would want to use instead
>> is-
>> ENGINE_load_ssl_client_certificate()
>> But I'm not entirely sure if the same certificate is supposed to go
>> into the context as "client" certificate and if I am trying to do the right
>> thing.
>>
>>
>> Can someone please point me in the right direction? Hopefully I've included
>> all information that is relevant to my question.
>>
>
> Forget about the ENGINE for this step. You can load the certificate into an
> X509 structure and pass that to the SSL_CTX.
>
> How you do that depends on the certificate format. If it is PEM format you can
> use PEM_read_X509. If DER the d2i_X509_fp will do the trick.
>
Hi Steve, thanks for your reply.

While it's definitely helped me take another step in the right direction, I've run into a problem when using the PEM_read_X509() function. The error string that I get from the function call is

"_base = 0x047329a8 "6632:error:0906D06C:PEM routines:func(109):reason(108):.\crypto\pem\pem_lib.c:696:Expecting: CERTIFICATE".

And when I open my foocert.PEM file in a text editor, it is not readable.

Going back to how I created it: I used the command string-

makecert -r -sk fooContainer -sp "nCipher Enhanced Security Provider" -sky exchange foocert.pem

When my working code was using software key storage earlier, my .PEM looked like a readable text file of the form-

-----BEGIN CERTIFICATE-----
9w0BA ... TKekJ==
-----END CERTIFICATE-----

...but of course that was created using an "openssl x509" command since my private and public key files were available on the disk.

So I guess the question now really is- How do you create a .PEM X509 self-signed certificate for a CAPI key that is stored in a container on the nCipher hardware?

This might be the last hurdle for my OpenSSL integration with nCipher.

Thank you,
Sunjeet
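An added example, not part of the original thread: a format check for the situation described above, where a file named .pem is unreadable in a text editor and PEM_read_X509 reports "Expecting: CERTIFICATE". It assumes such a file is binary DER; the function names and the sample bytes are constructed for illustration. A file classified as DER can go straight to d2i_X509_fp, or be wrapped as PEM as shown.

```python
import base64

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
PEM_FOOTER = b"-----END CERTIFICATE-----"


def der_total_length(data: bytes) -> int:
    """Return the full length of the outer DER SEQUENCE, or -1 if malformed."""
    if len(data) < 2 or data[0] != 0x30:   # an X.509 certificate starts with SEQUENCE
        return -1
    first = data[1]
    if first < 0x80:                       # short form: one length byte
        return 2 + first
    n = first & 0x7F                       # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return -1
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def sniff_cert_format(data: bytes) -> str:
    """Classify certificate file contents as 'PEM', 'DER' or 'unknown'."""
    if PEM_HEADER in data and PEM_FOOTER in data:
        return "PEM"
    if der_total_length(data) == len(data):  # exactly one complete SEQUENCE
        return "DER"
    return "unknown"


def der_to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in the armor lines that a PEM reader looks for."""
    if sniff_cert_format(der) != "DER":
        raise ValueError("input is not a single DER SEQUENCE")
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]  # 64-char PEM lines
    return b"\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + b"\n"


# Constructed sample: a 300-byte SEQUENCE of filler, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x28" + bytes(range(256)) + bytes(40)

if __name__ == "__main__":
    print(sniff_cert_format(SAMPLE_DER))           # which loader applies
    print(der_to_pem(SAMPLE_DER).decode("ascii"))  # text form of the same bytes
```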
