Using Certificates with cURL

- Rajat

Posted by Rajat on Mar 10, 2007 in Cryptography, Tools, Web application security | 2 comments

certificates curl X.509

The problem: Using Digital Certificates issued by a Certification Authority (CA) with curl.

The situation: I have a .cer (Digital Certificate) file, .pfx (Personal Information Exchange file i.e., the private key for the certificate). I cannot use either of these to authenticate to the web service as curl would not accept these formats.

The solution:
1) Convert it into PEM format (X.509 certificate) using openssl.
openssl pkcs12 -in abcd.pfx -out abcd.pem
Enter a passphrase and a password.
2) Still you cannot use this with curl because you’d get a few errors.
3) Convert this PEM certificate into three different certificates for the client, the private key and the certification authority certificate.
openssl pkcs12 -in abcd.pfx -out ca.pem -cacerts -nokeys
openssl pkcs12 -in abcd.pfx -out client.pem -clcerts -nokeys
openssl pkcs12 -in abcd.pfx -out key.pem -nocerts
4) Use the following command:
curl -k https://www.thesitetoauthenticate.com/test -v –key key.pem –cacert ca.pem –cert client.pem:

This stuff is also mentioned on curl forum at http://curl.haxx.se/mail/archive-2005-09/0138.html

Community Answers

2-26-09

DryThyme says:

How u can do this with libcurl and openssl.net
If you have some experience will you share?
Thanks in advance!


+16
Was this answer helpful?
Like Dislike
1-7-10

Anonymous says:

Your blog keeps getting better and better! Your older articles are not as good as newer ones you have a lot more creativity and originality now keep it up!


+9
Was this answer helpful?
Like Dislike