Using Certificates with cURL
The problem: Using Digital Certificates issued by a Certification Authority (CA) with curl.
The situation: I have a .cer (Digital Certificate) file, .pfx (Personal Information Exchange file i.e., the private key for the certificate). I cannot use either of these to authenticate to the web service as curl would not accept these formats.
The solution:
1) Convert it into PEM format (X.509 certificate) using openssl.
openssl pkcs12 -in abcd.pfx -out abcd.pem
Enter a passphrase and a password.
2) Still you cannot use this with curl because you’d get a few errors.
3) Convert this PEM certificate into three different certificates for the client, the private key and the certification authority certificate.
openssl pkcs12 -in abcd.pfx -out ca.pem -cacerts -nokeys
openssl pkcs12 -in abcd.pfx -out client.pem -clcerts -nokeys
openssl pkcs12 -in abcd.pfx -out key.pem -nocerts
4) Use the following command:
curl -k https://www.thesitetoauthenticate.com/test -v –key key.pem –cacert ca.pem –cert client.pem:
This stuff is also mentioned on curl forum at http://curl.haxx.se/mail/archive-2005-09/0138.html
How u can do this with libcurl and openssl.net 🙂
If you have some experience will you share?
Thanks in advance!
Was this answer helpful?
LikeDislikeYour blog keeps getting better and better! Your older articles are not as good as newer ones you have a lot more creativity and originality now keep it up!
2) Simply
curl -k -E abcd.pem https://www.thesitetoauthenticate.com/test
Was this answer helpful?
LikeDislikeThx, now it works!
Was this answer helpful?
LikeDislikeThat would be:
curl -k https://www.thesitetoauthenticate.com/test -v –-key key.pem –-cacert ca.pem –-cert client.pem
Using the sameple above.
-Chris
Was this answer helpful?
LikeDislikeThis solution has been deemed correct by the post author
-k makes everything here insecure.
Was this answer helpful?
LikeDislike-k allows insecure connections as per https://stackoverflow.com/questions/10079707/https-connection-using-curl-from-command-line
Was this answer helpful?
LikeDislikeThis is exactly what I looked for. Thank you!
Was this answer helpful?
LikeDislikeHmm, I note you suggest “curl -k …” – not a good idea since this turns off the secure checking, hence defeating the object of using SSL !
Was this answer helpful?
LikeDislikeThanks you very much bro, it works!!!
Was this answer helpful?
LikeDislikeThanks for the help
Was this answer helpful?
LikeDislikeExcellent post. I’m dealing with a few of these issues as well..
-k just do not check CA of SSL issuer
but secure-encrypted connection do have place
if you would like to use selfsigned certificate and avoid to use -k
just add your own CA to trusted list
Was this answer helpful?
LikeDislikeWhen I run following command on my .pfx file, the ca.pem generated is blank. No error was given. Please let me know the reason for the file being empty.
openssl pkcs12 -in abcd.pfx -out ca.pem -cacerts -nokeys
The client.pem and key.pem were generated as expected.
Was this answer helpful?
LikeDislikeAppreciate if anyone can let me know the root cause for the ca.pem file generated to be empty.
Was this answer helpful?
LikeDislike