1

I'm building a web service for Salesforce to call. Two-way SSL is used for security, and Salesforce has provided its client certificate: sfdc-client.cert.

In order to test whether the Salesforce client certificate works or not, I have set up a very simple website on Mac Apache and enabled SSL and client authentication in the SSL config file /etc/apache2/extra/httpd-ssl.conf as below (using self-signed):

SSLCertificateFile "/private/etc/apache2/ssl/server.crt"
SSLCertificateKeyFile "/private/etc/apache2/ssl/server.key"
SSLCACertificateFile "/private/etc/apache2/ssl/sfdc-client.cert"
SSLVerifyClient require
SSLVerifyDepth  10

On first browsing with Chrome, I got "SSL Connection Error", which I suppose is correct in this case.

Then I tried to import sfdc-client.cert into Keychain Access, but it does not work at all because it only supports the p12/pfx format.

I also tried to use curl:

curl https://test.com --cert-type der --cert sfdc-client.cert

but got the error:

curl: (58) unable to use client certificate (no key found or wrong pass phrase?)

I'm a total newbie at this stuff. Does anyone know how to test the client certificate to make sure it works as above?

cuongle

1 Answer

-1

First, you need to have both the client's certificate and the certificate's private key to be able to test 2-way SSL authentication.

To test with a web browser, follow the instructions here: Is there a way to test 2 way ssl through browser?

GregKo
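The following is an added example, not code from the question or the answer: because a certificate alone cannot authenticate a client, it creates a throwaway client key and certificate with openssl, checks that the two belong together, and presents them with curl. The file names test-client.key and test-client.crt and the function names are assumptions; for the server to accept this test identity, its certificate would also have to be listed in the file named by SSLCACertificateFile.

```shell
#!/bin/sh
# Added example: throwaway client identity for testing SSLVerifyClient locally.
# File names test-client.key / test-client.crt are assumptions, not from the page.

# Create a self-signed client certificate and its private key in directory $1.
make_test_client() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 7 \
        -subj "/CN=test-client" \
        -keyout "$dir/test-client.key" -out "$dir/test-client.crt" 2>/dev/null
}

# Succeed only if private key $2 belongs to certificate $1 (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed if PEM file $1 carries a private key block. A bare certificate does
# not, which is the condition curl reports as error 58 ("no key found").
has_private_key() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Present certificate $1 and key $2 to the server; the host is the one used
# in the question. Not called automatically because it needs the live server.
try_client_cert() {
    curl -v https://test.com --cert "$1" --key "$2"
}
```

Typical use is `make_test_client .`, then `key_matches_cert test-client.crt test-client.key`, then `try_client_cert test-client.crt test-client.key` once Apache trusts the test certificate.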