Hi,
I'm trying to use client certificates with Drakma to call an existing web based API.
I have the latest code from https://github.com/edicl/drakma installed in my quicklisp local-projects directory. I'm using SBCL on OS X and Linux.
The client certificate is a .pfx file, and I've converted it to .pem format using
openssl pkcs12 -in robblackwellmanage.pfx -out robblackwellmanage.pfx.pem
I have verified that this works as a server certificate, using hunchentoot, thus:
(hunchentoot:start
 (make-instance 'hunchentoot:ssl-acceptor
                :ssl-privatekey-file "/Users/reb/certs/robblackwellmanage.pfx.pem"
                :ssl-certificate-file "/Users/reb/certs/robblackwellmanage.pfx.pem"
                :ssl-privatekey-password "password"
                :port 4343))
When I try to use this as a client certificate:
(drakma:http-request resource
                     :certificate "/Users/reb/certs/robblackwellmanage.pfx.pem"
                     :key "/Users/reb/certs/robblackwellmanage.pfx.pem"
                     :certificate-password "password"
                     :method :get
                     :content ""
                     :content-type "application/xml"
                     :additional-headers headers)
I get the following error
SSL initialization error: Can't load certificate password
SSL error queue is empty.
   [Condition of type CL+SSL::SSL-ERROR-INITIALIZE]
Interestingly, if I deliberately supply the wrong password then I get a different error
SSL initialization error: Can't load RSA private key file /Users/reb/certs/robblackwellmanage.pfx.pem
SSL error queue is empty.
   [Condition of type CL+SSL::SSL-ERROR-INITIALIZE]
I guess I'm doing something really silly - please excuse my ignorance, but any advice, suggestions or guidance on how to proceed would be very much appreciated.
Thanks!
Rob
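
A check that can be run on a converted .pem file before handing it to a TLS client, added here as an example and not part of the original post: it lists the PEM blocks in a bundle like the one `openssl pkcs12` writes and reports which are private keys and whether they are passphrase-protected. The names `inventory_pem` and `SAMPLE` are hypothetical, and the sample bundle is constructed from placeholder bytes, not real certificate or key material.

```python
import base64
import re

# One PEM block: BEGIN line, optional RFC 1421 headers, base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inventory_pem(text):
    """Describe every PEM block in `text`, in file order."""
    found = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Header lines ("Proc-Type: 4,ENCRYPTED") contain ':'; base64 never does.
        headers = [ln for ln in lines if ":" in ln]
        b64 = "".join(ln for ln in lines if ":" not in ln)
        try:
            size = len(base64.b64decode(b64, validate=True))
        except ValueError:
            size = None  # body is not valid base64 (truncated or damaged file)
        is_key = label.endswith("PRIVATE KEY")
        # PKCS#8 marks encryption in the label, the traditional format in a header.
        encrypted = is_key and (
            label == "ENCRYPTED PRIVATE KEY"
            or any(h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers))
        found.append({"label": label, "is_key": is_key,
                      "encrypted": encrypted, "size": size})
    return found

def _constructed_block(label, payload):
    """Build a syntactically valid PEM block around placeholder bytes."""
    body = base64.encodebytes(payload).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

# Constructed sample: text lines outside the blocks are ignored by the parser.
SAMPLE = (
    "Bag Attributes\n    localKeyID: 01 00 00 00\n"
    + _constructed_block("CERTIFICATE", b"placeholder certificate bytes")
    + "Bag Attributes\n    localKeyID: 01 00 00 00\n"
    + _constructed_block("ENCRYPTED PRIVATE KEY", b"placeholder key bytes")
)

if __name__ == "__main__":
    for block in inventory_pem(SAMPLE):
        print(block)
```
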