Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Unable to use libcurl to access a site requiring client authentication
Top Forums Programming Unable to use libcurl to access a site requiring client authentication Post 302525007 by old_as_a_fossil on Wednesday 25th of May 2011 10:23:29 AM
Old 05-25-2011
Unable to use libcurl to access a site requiring client authentication
I’m using the below snipped for setting the certificate and key for client authentication.
Code:
 curl_easy_setopt(curl,CURLOPT_SSLCERT,"clientCert.pem");
curl_easy_setopt(curl,CURLOPT_SSLCERTPASSWD,"changeit"); 
curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM"); 
curl_easy_setopt(curl,CURLOPT_SSLKEY,"privateKey.pem"); 
curl_easy_setopt(curl,CURLOPT_SSLKEYPASSWD,"changeit"); 
curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,"PEM");

The certificate doesn’t have a password, I don’t know why on earth the option SSLCERTPASSWD exists, I just provided a dummy value. When I run the program on Linux I get an error code of 58 and an error message unable to set private key file: 'privateKey.pem' type PEMOn Windows however I get unable to use client certificate (no key found or wrong pass phrase?)
It seems to suggest the certificate and the key don’t match but I don’t know how. I have extracted both the cert and the key from a p12 file using openssl commands. The command I used to extract the key is
openssl.exe pkcs12 -in client.p12 -nocerts -out privateKey.pem
and the command used to extract the cert is
openssl.exe pkcs12 -in client.p12 -nokeys -out clientCert.pem

The p12 file has been successfully used in a browser to access the client authentication url. Please help before I shoot myself.
Last edited by old_as_a_fossil; 05-25-2011 at 11:32 AM..
 

9 More Discussions You Might Find Interesting

1. IP Networking

port access to site to site VPN

Setup a site to site VPN between two cisco routers. One of the site locations is unable to access ports such as https://example.com:9001 How do I let them go into port 9001? They can ssh, ftp, telnet and everything else. Is this a VPN issue or ACL access issue? I put permit ip host... (0 Replies)
Discussion started by: photon
0 Replies

2. Shell Programming and Scripting

Unable to access http site using wget through proxy

Hi there I am currently trying to access an http site using the wget utility from a solaris box. I am going through proxies to do this and we have two types of proxies. For the first one, which is a netcache proxy, I am able to use the wget command to export the proxy information export... (2 Replies)
Discussion started by: memonks
2 Replies

3. Web Development

client authentication in sunone 7.0 webserver

hi, I am using sunone 7.0 webserver. The webserver instance is configured for https and i want to do client authentication for specific resources. I dont want to do any client authentication for the other resources. I was able to do a complete client auth for my webserver but unable to do... (0 Replies)
Discussion started by: pcs.abhishek
0 Replies

4. Red Hat

Active directory authentication in Linux client?

Hi All, I am a newb in this forums. I am a Linux admin and I hope I will get the solution here. In my company I have setup AD and I can authenticate the windows machines using this AD, also able to apply policy. Now I have installed some Linux machines but I can't able to authenticate via... (6 Replies)
Discussion started by: sahabcse
6 Replies

5. HP-UX

NFS Client unable to access shared DIR's

I ve a client : <clientname> and a server: <servername> Both of them running: HPUX B.11.31 SERVER outputs: I ve shared a folder in <servername> called /test and the O/P for # exportfs - /test root=<clientname>,rw=<clientname>,ro "" # showmount -e export list for... (6 Replies)
Discussion started by: Amit Kulkarni
6 Replies

6. Red Hat

Unable to access NFS share on Solaris Server from Linux client

Hi, I am trying to access a NFS shared directory on Solaris 10 Server from a client which is RHEL 4 Server. On the NFS Server, in /etc/dfs/, I added following line to dfstab file. share -F nfs -o rw /var/share & then ran the following svcadm -v enable -r... (3 Replies)
Discussion started by: SunilB2011
3 Replies

7. AIX

LDAP authentication client issue

Hi, I am trying to authenticate AIX server against a IDS LDAP instance. The AIX version is 6.1 and TDS client is 6.1. I configured the secldapclntd using ldap.cfg file and changed /etc/security/user to set SYSTEM=LDAP, registry=LDAP for one user. Below are the ldap.cfg configurations - ... (5 Replies)
Discussion started by: vs1
5 Replies

8. IP Networking

iptables allow access to one site

Hi all I need help with a set of iptables rules that would allow a portion of a bank of ipaddresses acces to only one or two named wbsites. Please advise Thank You Ed (3 Replies)
Discussion started by: wa1ed
3 Replies

9. Post Here to Contact Site Administrators and Moderators

Regarding not able to access UNIX.com site

Hello MODs/Admins, Could you please help me here as from last 6 to 7 days I(and checked with my fellow friends too) am not able to access unix.com site at all. It is very very slow, it never loads completely. Even I checked with different people and different computers it results same only,... (8 Replies)
Discussion started by: RavinderSingh13
8 Replies

LEARN ABOUT MOJAVE

curlopt_proxy_sslcert

CURLOPT_PROXY_SSLCERT(3)				     curl_easy_setopt options					  CURLOPT_PROXY_SSLCERT(3)

NAME

       CURLOPT_PROXY_SSLCERT - set SSL proxy client certificate

SYNOPSIS

       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSLCERT, char *cert);

DESCRIPTION

       This option is for connecting to a HTTPS proxy, not a HTTPS server.

       Pass  a	pointer to a zero terminated string as parameter. The string should be the file name of your client certificate used to connect to
       the HTTPS proxy.  The default  format  is  "P12"  on  Secure  Transport	and  "PEM"  on	other  engines,  and  can  be  changed	with  CUR-
       LOPT_PROXY_SSLCERTTYPE(3).

       With NSS or Secure Transport, this can also be the nickname of the certificate you wish to authenticate with as it is named in the security
       database. If you want to use a file from the current directory, please precede it with "./" prefix, in order  to  avoid	confusion  with  a
       nickname.

       When using a client certificate, you most likely also need to provide a private key with CURLOPT_PROXY_SSLKEY(3).

       The application does not have to keep the string around after setting this option.

DEFAULT

       NULL

PROTOCOLS

       Used with HTTPS proxy

EXAMPLE

       TODO

AVAILABILITY

       Added in 7.52.0

RETURN VALUE

       Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

       CURLOPT_PROXY_SSLCERTTYPE(3), CURLOPT_PROXY_SSLKEY(3), CURLOPT_SSLCERT(3),

libcurl 7.54.0							 December 21, 2016					  CURLOPT_PROXY_SSLCERT(3)
All times are GMT -4. The time now is 10:25 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy