Written by fabio
As is so often the case, working with SSL you need to configure and test a strong authentication (SSL client authentication).
In all these cases, you need to provide an ad-hoc client certificate to perform a succesful handshake.
OpenSSL can be used to create your PKCS12 client certificate by peforming the following few steps.
openssl req -new -nodes -out req.pem -keyout key.pem -days 3650 -config openssl.cnf
openssl ca -out cert.pem -days 365 -config openssl.cnf -infiles req.pem
openssl pkcs12 -export -in cert.pem -inkey key.pem -certfile cacert.pem -name "Fabio Martelli" -out cert.p12
Now you can use your cert.p12 with client application.
E.G. If your client is Firefox you can simply import your certificate as a new "personal certificate".
IMPORTANT: the target peer (the application requiring strong authentication) has to be provisioned with the CA which has signed your certificate.