author | Daniel Stenberg <daniel@haxx.se> | 2004-08-12 11:02:01 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2004-08-12 11:02:01 +0000 |
commit | 4356356305057b06588d2af344491e05e50f71e5 (patch) | |
tree | e80b243b4d76e7ba30bd61c876fbadd33c8e4071 | |
parent | cb8813522083672d408325a11300b91dffd806c3 (diff) |
3.16 What certificates do I need with I use SSL?
my first attempt at a basic description of the certs involved
-rw-r--r-- | docs/FAQ | 31 |
1 files changed, 30 insertions, 1 deletions
@@ -1,4 +1,4 @@ -Updated: August 10, 2004 (http://curl.haxx.se/docs/faq.html) +Updated: August 12, 2004 (http://curl.haxx.se/docs/faq.html) _ _ ____ _ ___| | | | _ \| | / __| | | | |_) | | @@ -41,6 +41,7 @@ FAQ 3.13 Why does my single/double quotes fail? 3.14 Does curl support javascript or pac (automated proxy config)? 3.15 Can I do recursive fetches with curl? + 3.16 What certificates do I need with I use SSL? 4. Running Problems 4.1 Problems connecting to SSL servers. 
@@ -462,6 +463,34 @@ FAQ curlmirror perl script), and you can write programs based on libcurl to do it, but the command line tool curl itself cannot. + 3.16 What certificates do I need with I use SSL? + + There are three different kinds of "certificates" to keep track of when we + talk about using SSL-based protocols (HTTPS or FTPS) using curl or libcurl. + + - Client certificate. The server you communicate may require that you can + provide this in order to prove that you actually are who you claim to be. + If the server doesn't require this, you don't need a client certificate. + + - Server certificate. The server you communicate with has a server + certificate. You can and should verify this certficate to make sure that + you are truly talking to the real server and not a server impersonating + it. The server certificate verifaction process is made by using a + Certificate Authority certificate ("CA cert") that was used to sign the + server certificate. Server certificate verification is enabled by default + in curl and libcurl and is often the reason for problems as explained in + FAQ entry 4.12 and the SSLCERTS document + (http://curl.haxx.se/docs/sslcerts.html). Server certificates that are + "self-signed" or otherwise signed by a CA that you do not have a CA cert + for, cannot be verified. If the verification during a connect fails, you + are refused access. You then need to explicitly disable the verification + to connect to the server. + + - Certificate Authority certificate ("CA cert"). You often have several CA + certs in a CA cert bundle that can be used to verify a server certificate + that was signed by one of the authorities in the bundle. curl comes with a + default CA cert bundle. You can override the default. + 4. Running Problems |
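Review bot: The Server certificate bullet in the @@ -462,6 +463,34 @@ hunk closes with "You then need to explicitly disable the verification to connect to the server", which reads as if switching verification off were the only way forward after a failed verify. The same bullet says verification is what protects against "a server impersonating it", and the CA cert bullet below already says "You can override the default", so the entry should first tell the reader to obtain the CA cert that signed the server certificate and point curl at it, and present disabling verification as a last resort that gives up that protection. It would also help if the CA cert bullet named how to override the default bundle rather than only saying it can be done. Smaller points in the same hunk: "The server you communicate may require" is missing "with", and "certficate" and "verifaction" are misspelled.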
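Review bot: The index line added in the @@ -41,6 +41,7 @@ hunk, "3.16 What certificates do I need with I use SSL?", says "with I use" where "when I use" is meant. The section heading added in the later hunk repeats the same wording, so correct both in one change to keep the index and the heading identical.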