[drakma-devel] Drakma and client certificates?
Rob Blackwell
rob.blackwell at robblackwell.org.uk
Sat Jan 14 12:15:11 UTC 2012
Hi,
I'm trying to use client certificates with Drakma to call an existing web based API.
I have the latest code from https://github.com/edicl/drakma installed in my quicklisp local-projects directory. I'm using SBCL on OS X and Linux.
The client certificate is a .pfx file, and I've converted it to .pem format using
openssl pkcs12 -in robblackwellmanage.pfx -out robblackwellmanage.pfx.pem
I have verified that this works as a server certificate, using hunchentoot, thus:
(hunchentoot:start
 (make-instance 'hunchentoot:ssl-acceptor
                :ssl-privatekey-file "/Users/reb/certs/robblackwellmanage.pfx.pem"
                :ssl-certificate-file "/Users/reb/certs/robblackwellmanage.pfx.pem"
                :ssl-privatekey-password "password"
                :port 4343))
When I try to use this as a client certificate:
(drakma:http-request resource
                     :certificate "/Users/reb/certs/robblackwellmanage.pfx.pem"
                     :key "/Users/reb/certs/robblackwellmanage.pfx.pem"
                     :certificate-password "password"
                     :method :get
                     :content ""
                     :content-type "application/xml"
                     :additional-headers headers)
I get the following error:
SSL initialization error: Can't load certificate passwordSSL error queue is empty.
[Condition of type CL+SSL::SSL-ERROR-INITIALIZE]
Interestingly, if I deliberately supply the wrong password then I get a different error:
SSL initialization error: Can't load RSA private key file /Users/reb/certs/robblackwellmanage.pfx.pemSSL error queue is empty.
[Condition of type CL+SSL::SSL-ERROR-INITIALIZE]
I guess I'm doing something really silly - please excuse my ignorance, but any advice, suggestions or guidance on how to proceed would be very much appreciated.
Thanks!
Rob
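
Added example, not part of the original post and not Drakma or CL+SSL code: a Python check of what a combined file written by `openssl pkcs12 -in ... -out ...` contains, listing each PEM block and whether the key is encrypted, and separating certificate from key so each can be tested on its own. The sample bundle and the names `inventory` and `split_bundle` are constructed for illustration.

```python
import base64
import re

def _b64(data):
    return base64.encodebytes(data).decode()

# Constructed sample with the shape of a pkcs12-to-PEM conversion:
# "Bag Attributes" text, a certificate, then an encrypted key.
# The bodies are placeholder bytes, not real key material.
SAMPLE_PEM = (
    "Bag Attributes\n    localKeyID: 01 00 00 00\n"
    "subject=/CN=example-client\nissuer=/CN=example-ca\n"
    "-----BEGIN CERTIFICATE-----\n" + _b64(b"constructed certificate bytes")
    + "-----END CERTIFICATE-----\n"
    "Bag Attributes\n    localKeyID: 01 00 00 00\n"
    "Key Attributes: <No Attributes>\n"
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + _b64(b"constructed encrypted key bytes")
    + "-----END ENCRYPTED PRIVATE KEY-----\n"
)

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----", re.S)

def inventory(pem_text):
    """Return one dict per PEM block; raises binascii.Error on a damaged body."""
    blocks = []
    for m in PEM_BLOCK.finditer(pem_text.replace("\r\n", "\n")):
        label, lines = m.group(1), m.group(2).split("\n")
        # Traditional-format keys carry "Name: value" headers before the base64.
        headers = [l for l in lines if ":" in l]
        payload = "".join(l.strip() for l in lines if ":" not in l)
        der = base64.b64decode(payload, validate=True)
        if label == "CERTIFICATE":
            kind = "certificate"
        elif label.endswith("PRIVATE KEY"):
            kind = "key"
        else:
            kind = "other"
        encrypted = label == "ENCRYPTED PRIVATE KEY" or any(
            h.startswith("Proc-Type: 4,ENCRYPTED") for h in headers)
        blocks.append({"label": label, "kind": kind, "encrypted": encrypted,
                       "der_bytes": len(der), "pem": m.group(0) + "\n"})
    return blocks

def split_bundle(pem_text):
    """Return (certificates, keys) as PEM text with the bag-attribute lines dropped."""
    blocks = inventory(pem_text)
    certs = "".join(b["pem"] for b in blocks if b["kind"] == "certificate")
    keys = "".join(b["pem"] for b in blocks if b["kind"] == "key")
    return certs, keys
```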