Hi everybody,
I've been having some problems with a WebService client over HTTPS.
I have 1 certificate and 2 intermediate CAs to access this server.
Testing in my browser, if I remove either one of the intermediate CAs, I get this:
"HTTP Error 403.7 - Forbidden: SSL client certificate is required."
I have the same error in my application. I have tried to include the
intermediate CAs in many ways, but without success.
....
....
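/// Load client certificate material from PEM files into sslCtx.
///
/// The mode is selected by AKeyFile:
///  - AKeyFile == NULL: ACertFile is an intermediate CA certificate (it has no
///    private key). It is appended to the extra chain that is sent to the peer
///    after the end-entity certificate.
///  - AKeyFile != NULL: ACertFile is the end-entity certificate and AKeyFile its
///    private key; both are loaded and checked against each other.
///
/// Extra chain certificates are sent in the order they were added, so call this
/// for the intermediate that issued the end-entity certificate first, then for
/// the one above it.
///
/// @param ACertFile PEM certificate path; NULL means there is nothing to load.
/// @param AKeyFile  PEM private key path, or NULL for an intermediate CA.
/// @return true on success (or when ACertFile is NULL), false on any failure.
Bool tSSLSocketAPI::SetCertificateFiles(mspchar ACertFile, mspchar AKeyFile)
{
    if (ACertFile == NULL)
        return true;

    // INTERMEDIATE CA: no private key, certificate only.
    if (AKeyFile == NULL)
    {
        FILE *fp = fopen(ACertFile, "r");
        if (fp == NULL)
        {
            msprintf( "OPS1unable to open certificate" );
            return false;
        }

        X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
        // Close before testing the result so the handle is not leaked when the
        // file does not contain a readable PEM certificate.
        fclose(fp);
        if (cert == NULL)
        {
            msprintf( "OPS2unable to read certificate" );
            ERR_print_errors(sslErr);
            return false;
        }

        // SSL_CTX_add_client_CA() only changes the list of CA names a *server*
        // advertises when it requests a client certificate, and
        // SSL_CTX_load_verify_locations() only configures which CAs are trusted
        // when verifying the peer. Neither makes a client send its
        // intermediates; the extra chain does.
        if (SSL_CTX_add_extra_chain_cert(sslCtx, cert) <= 0)
        {
            // Ownership passes to sslCtx only on success.
            X509_free(cert);
            ERR_print_errors(sslErr);
            return false;
        }
        // On success sslCtx owns cert and frees it with the context.
        return true;
    }

    if (chkSSL(SSL_CTX_use_certificate_file(sslCtx, ACertFile, SSL_FILETYPE_PEM),
               ssl, sslErr) <= 0)
    {
        msprintf( "unable to get certificate from '%s'\n", ACertFile);
        ERR_print_errors(sslErr);
        return false;
    }

    if (nOptions.PassPhrase)
        SSL_CTX_set_default_passwd_cb_userdata(sslCtx, nOptions.PassPhrase);

    const int keyLoaded = SSL_CTX_use_PrivateKey_file(sslCtx, AKeyFile, SSL_FILETYPE_PEM);

    // Detach the passphrase from the context on every path, including failure,
    // so the context does not keep referencing it longer than the key load needs.
    if (nOptions.PassPhrase)
        SSL_CTX_set_default_passwd_cb_userdata(sslCtx, NULL);

    if (keyLoaded <= 0)
    {
        msprintf("unable to get private key from '%s'\n",AKeyFile);
        ERR_print_errors(sslErr);
        return false;
    }

    if (!SSL_CTX_check_private_key(sslCtx))
    {
        msprintf( "Private key does not match the certificate public key\n");
        return false;
    }

    return true;
}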
.....
.....
I've tried these functions:
SSL_CTX_add_client_CA(...)
SSL_CTX_add_extra_chain_cert(...)
SSL_CTX_load_verify_locations(...)
How do I add intermediate CAs using OpenSSL?
Thanks in advance.
Ricardo G. Reis