http://www.4js.com/techdocs/genero/gws/devel/DocRoot/User/WseSSLClientTutorial.html
With the exception of step 2, everything else is easy to understand
and reproduce.
"Step 2: Create the client's certificate authority list
* Retrieve the certificate of the HTTPS server:
Type the server's URL in your Internet browser. When prompted,
save the certificate to disk.
* Create the client's Certificate Authority List from the
certificate that you saved to disk in the previous step:
$ openssl x509 -in ServerCertificate.crt -text >>
ClientCAList.pem"
Creating a client ca list this way is a pain from the command-line and
I found a simpler solution. You download a ready-made one from this
url:
http://curl.haxx.se/ca/cacert.pem
Regards
Mark