On 24/06/15 15:05, Alexandru wrote:
> I'm not sure I understand the difference between the -cafile and
> -certfile option of the command:
>
"-certfile" relates to the certificate that identifies client (likewise
server) for the https connection. "-cafile" relates to the certificate
of the Certication Authority (CA) that signed the client/server certificate.
> [code] ::http::register https 443 [list ::tls::socket -require 0
> -request 0 -ssl2 0 -ssl3 0 -tls1 1 -cafile $cafile -certfile
> $certfile] [/code
>
> Is it so, that if my certificate file (public.crt) was signed by a CA
> liek VerySign then I must only use the option -cafile? And if I have
> a self signed certificate, then I must use the option -certfile?
>
You need to specify the location of both these certificates, regardless
who the CA is, i.e. regardless whether the client/server certificate is
self-signed.
Of course it's best if you understand the logic for this. If you feel
there's an obstacle here, it's best to read up on:
- asymmetric cryptography and
- Public Key Infrastructure (PKI)
Internet provides many sources for that. You might start with:
https://pki-tutorial.readthedocs.org/en/latest/
HTH,
Erik Leunissen
--
elns@ nl | Merge the left part of these two lines into one,
xs4all. | respecting a character's position in a line.