cUrl with mutual authentication

curl ssl-certificate mutual-authentication
10,169

Solution 1

Yes you need to add --cacert option to the curl command if you have it downloaded or a self-signed certificate (in my case)

curl --key client.key --cert client.crt --cacert bundle.pem -X GET -v https://x.x.x.x:xxxx/folder/endpoint.

The bundle.pem has the server.crt and rootCA.crt.

cat server.crt rootCA.crt >> bundle.pem

Solution 2

Your error message is :

unable to get local issuer certificate

That means curl is unable to find the certificate of the issuer (the CA who sign the server certificate) from the trust store :

/etc/ssl/certs/ca-certificates.crt

All you have to do is download the CA certificate and add it to the trust store.

Share:
10,169
Owen Nel
Author by

Owen Nel

Updated on June 04, 2022

Comments

  • Owen Nel
    Owen Nel almost 2 years

    I am trying to do a cUrl to a 3rd party server. They provided me with a p12 file which I installed in my browser. When using the browser I get a response from the server. When doing a cUrl from the linux terminal I get handshake errors.

    I extracted the .p12 to a key and cert and then I run the following command:

    curl --key client.key --cert client.crt -X GET -v https://x.x.x.x:xxxx/folder/endpoint

    And get the following reply:

    Note: Unnecessary use of -X or --request, GET is already inferred.
*   Trying x.x.x.x...
* TCP_NODELAY set
* Connected to x.x.x.x (x.x.x.x) port xxxx (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* stopped the pause stream!
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

    Do I need to add a self-signed certificate somewhere? I feel like I am missing something. As said earlier, it works from my browser where the cert was imported so I am certain that there is not an issue with their cert. I know I am missing something.

    Thanks,

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Cannot install anything with brew, Error: Failed to download resource "git--html"
curl - SSL peer does not support certificates of the type it received
Curl with custom certificate
How do I install a PFX certificate file into Ubuntu so Curl trusts it?
curl FTPS with client certificate to a vsftpd
How to alias a ssl certificate common name?
Adding a self-signed cert to the trusted certs within cURL in Windows?
cURL or SSL problems, how to solve?
curl fails to retrieve HTTPS content: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Default CA Cert Bundle Location