问题
Curl Command:
curl -k -vvvv --request POST --header "Content-Type: application/json" --cert client.pem:password --key key.pem "https://test.com:8443/testing"
I am trying to send a client certificate using Curl command specified above. I am trying to know the following:
What is the HTTP request header that I should be looking at the server side to pull out the client certificate from the HTTP Request.
If I cannot pull out the client certificate on the server side from the HTTP Request, can I add a custom request header in the HTTP Request and send the client certificate as a value of that custom header. It would be great if someone could provide me an example of this approach.
回答1:
TLS client certificates are not sent in HTTP headers. They are transmitted by the client as part of the TLS handshake, and the server will typically check the validity of the certificate during the handshake as well.
If the certificate is accepted, most web servers can be configured to add headers for transmitting the certificate or information contained on the certificate to the application. Environment variables are populated with certificate information in Apache and Nginx which can be used in other directives for setting headers.
As an example of this approach, the following Nginx config snippet will validate a client certificate, and then set the SSL_CLIENT_CERT
header to pass the entire certificate to the application. This will only be set when then certificate was successfully validated, so the application can then parse the certificate and rely on the information it bears.
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /path/to/chainedcert.pem; # server certificate
ssl_certificate_key /path/to/key; # server key
ssl_client_certificate /path/to/ca.pem; # client CA
ssl_verify_client on;
proxy_set_header SSL_CLIENT_CERT $ssl_client_cert;
location / {
proxy_pass http://localhost:3000;
}
}
回答2:
This is how I did it:
curl -v \
--cacert ./ca.pem \
--key ./admin-key.pem \
--cert ./admin.pem \
https://xxxx/api/v1/
来源:https://stackoverflow.com/questions/31305376/using-client-certificate-in-curl-command