IndySSL - using certificate authentication
作者:webfly 日期:2007-09-27
This document explains how to use certificate authentication when connecting to a site that requires certificate authentication. We are using Indy components on the client side and some server (MS IIS, Apache, …) on the server side. In the example we will be using http protocol, cause it is very easy to set such an environment.
First of all we must get certificates and private keys for the client. Let's suppose that we got some private key/certificate pair from some Certificate Authority (like Verisign) and we have this listed in MS IE in Personal Certificates Store.
Task 1. Convert the certificate from MS format to PEM format used by OpenSSL
First we have to export the certificate, I don't write down but it is assumed that also private key is exported, to the PFX file (personal exchange format). We can protect this file with some password, but for let's not for the sake of example.
When we have this file, in our case is test_b.pfx, we have to convert it to PEM format. With IndySSL dll's we distribute also the precompiled openssl.exe utility that can be used to do the conversion.
The proper parameters are:
openssl.exe pkcs12 –in test_b.pfx –out test_b.pem
