发表新帖
发表新帖

CURL to pass SSL certifcate and password

前端 未结
关注
3 833
旧时难觅i
旧时难觅i 2021-02-05 11:22

I need to specify a certificate with CURL i tried with --cert option it is not working.

Could you please let me know to specify the keystore and passpharse while invokin

相关标签:
3条回答
  • 佛祖请我去吃肉
    2021-02-05 12:01

    I went through this when trying to get a clientcert and private key out of a keystore.

    The link above posted by welsh was great, but there was an extra step on my redhat distribution. If curl is built with NSS ( run curl --version to see if you see NSS listed) then you need to import the keys into an NSS keystore. I went through a bunch of convoluted steps, so this may not be the cleanest way, but it got things working

    So export the keys into .p12

    keytool -importkeystore -srckeystore $jksfile -destkeystore $p12file \
        -srcstoretype JKS -deststoretype PKCS12 \
        -srcstorepass $jkspassword -deststorepass $p12password  
        -srcalias $myalias -destalias $myalias \
        -srckeypass $keypass -destkeypass $keypass -noprompt

    And generate the pem file that holds only the key

     echo making ${fileroot}.key.pem
 openssl pkcs12 -in $p12 -out ${fileroot}.key.pem  \
         -passin pass:$p12password  \
         -passout pass:$p12password  -nocerts
    • Make an empty keystore:
    mkdir ~/nss
chmod 700 ~/nss
certutil -N -d ~/nss
    • Import the keys into the keystore
    pks12util -i <mykeys>.p12 -d ~/nss -W <password for cert >

    Now curl should work.

    curl --insecure --cert <client cert alias>:<password for cert> \
     --key ${fileroot}.key.pem  <URL>

    As I mentioned, there may be other ways to do this, but at least this was repeatable for me. If curl is compiled with NSS support, I was not able to get it to pull the client cert from a file.

    0 讨论(0)
  • 夕颜
    2021-02-05 12:03

    Addition to previous answer make sure that your curl installation supports https.
    You can use curl --version to get information about supported protocols.

    If your curl supports https follow the previous answer.

    curl --cert certificate_path:password https://www.example.com

    If it does not support https, you need to install a cURL version that supports https.

    0 讨论(0)
  • 一个人的身影
    2021-02-05 12:12

    Should be:

    curl --cert certificate_file.pem:password https://www.example.com/some_protected_page
    0 讨论(0)
 看不清?
提交回复
热议问题