[drakma-devel] Drakma and client certificates?

Rob Blackwell rob.blackwell at robblackwell.org.uk
Sat Jan 14 12:15:11 UTC 2012


Hi,

I'm trying to use client certificates with Drakma to call an existing web based API.

I have the latest code from https://github.com/edicl/drakma installed in my quicklisp local-projects directory. I'm using SBCL on OS X and Linux.

The client certificate is a .pfx file, and I've converted it to .pem format using

openssl pkcs12 -in robblackwellmanage.pfx -out robblackwellmanage.pfx.pem

I have verified that this works as a server certificate, using hunchentoot, thus:

(hunchentoot:start (make-instance 'hunchentoot:ssl-acceptor
                                  :ssl-privatekey-file "/Users/reb/certs/robblackwellmanage.pfx.pem"
                                  :ssl-certificate-file "/Users/reb/certs/robblackwellmanage.pfx.pem"
                                  :ssl-privatekey-password "password"
                                  :port 4343))

When I try to use this as a client certificate:

(drakma:http-request resource
                     :certificate "/Users/reb/certs/robblackwellmanage.pfx.pem"
                     :key "/Users/reb/certs/robblackwellmanage.pfx.pem"
                     :certificate-password "password"
                     :method :get
                     :content ""
                     :content-type "application/xml"
                     :additional-headers headers)

I get the following error:

SSL initialization error: Can't load certificate passwordSSL error queue is empty.
   [Condition of type CL+SSL::SSL-ERROR-INITIALIZE]

Interestingly, if I deliberately supply the wrong password then I get a different error:

SSL initialization error: Can't load RSA private key file /Users/reb/certs/robblackwellmanage.pfx.pemSSL error queue is empty.
   [Condition of type CL+SSL::SSL-ERROR-INITIALIZE]

I guess I'm doing something really silly - please excuse my ignorance, but any advice, suggestions or guidance on how to proceed would be very much appreciated.

Thanks!

Rob
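As an added diagnostic (not part of the original post, and not Drakma or CL+SSL code), the script below inspects a PEM file of the kind `openssl pkcs12 -out` produces, reports whether it holds a certificate and an encrypted private key, and splits it so the certificate and key can be given to a client as separate files instead of the same combined file for both arguments. The sample PEM is constructed and its base64 bodies are placeholders.

```python
import re

# One PEM block: label, optional RFC 1421 headers (Proc-Type/DEK-Info), base64 body.
BLOCK_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\n(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)
KEY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

def parse_pem(text):
    """Return (label, encrypted, block_text) per block; 'Bag Attributes'/subject lines are skipped."""
    blocks = []
    for m in BLOCK_RE.finditer(text):
        label, body = m.group("label"), m.group("body")
        # Legacy (PKCS#1) keys mark encryption with a Proc-Type header; PKCS#8 uses the label.
        encrypted = label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body
        blocks.append((label, encrypted, m.group(0) + "\n"))
    return blocks

def summarize(text):
    """Counts to sanity-check a converted .pfx.pem before pointing a client at it."""
    blocks = parse_pem(text)
    keys = [b for b in blocks if b[0] in KEY_LABELS]
    return {
        "certificates": sum(1 for b in blocks if b[0] == "CERTIFICATE"),
        "keys": len(keys),
        "key_encrypted": any(k[1] for k in keys),
        "key_label": keys[0][0] if keys else None,
    }

def split_pem(text):
    """Return (certificate_pem, key_pem): all CERTIFICATE blocks, then the key block(s)."""
    blocks = parse_pem(text)
    certs = "".join(b[2] for b in blocks if b[0] == "CERTIFICATE")
    keys = "".join(b[2] for b in blocks if b[0] in KEY_LABELS)
    return certs, keys

# Constructed sample mimicking `openssl pkcs12 -out` output: one cert and one legacy-encrypted key.
SAMPLE_PEM = """Bag Attributes
subject=/CN=example
-----BEGIN CERTIFICATE-----
MIIBfakecertbody==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

MIIEfakekeybody==
-----END RSA PRIVATE KEY-----
"""
```

Running `summarize` on the real converted file shows whether the key block is present and encrypted; the two strings from `split_pem` can be written to separate certificate and key files.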
