Using curl with --cert


Solution 1

It is not possible to connect to a TLS server with curl using only a client certificate, without the client private key. Either they forgot to send you the private key file, or, what they sent you was not the client certificate but the server certificate for verification.

The first thing I would try is using --cacert instead of --cert. That is, tell curl that this is the server's certificate that curl can use to verify that the server is who you think it is.

You can also try removing --cert and not using --cacert, and you will probably get an error that the server is not trusted. Then add the --insecure argument and see if that works. I would not keep that argument, as then you have no proof of who you are talking to.

My guess is that it is the server cert, and that using --cacert instead of --cert will solve the problem.

Solution 2

My guess is that your certificate file is a DER encoded binary certificate instead of a base-64 encoded certificate. To convert it from binary to base-64, you can use OpenSSL.

openssl x509 -inform der -in certificate.cer -out certificate.pem

I always forget all the arguments and have the following site bookmarked, as it gives examples of how to convert pretty much any certificate format. https://www.sslshopper.com/ssl-converter.html
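
A pre-flight check covering both solutions above, as an added example that is not part of either answer or of curl: it tells apart the DER file behind "no start line" from the PEM certificate without a key behind "unable to set private key file". The function names and the sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# classify_cert and advise are hypothetical helper names (added example).

# Print how curl's --cert option would see the file:
#   pem-cert-and-key | pem-cert-only | der | unknown
classify_cert() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 1; }
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
        # PEM: does the same file also carry a private key block?
        if grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f"; then
            echo "pem-cert-and-key"
        else
            echo "pem-cert-only"
        fi
        return 0
    fi
    # Heuristic: a DER certificate is an ASN.1 SEQUENCE with a two-byte
    # length, so the file starts with bytes 0x30 0x82.
    magic=$(od -An -tx1 -N2 "$f" | tr -d ' \n')
    if [ "$magic" = "3082" ]; then echo "der"; else echo "unknown"; fi
}

# Map the classification to the fix proposed in the answers above.
advise() {
    case $(classify_cert "$1") in
        der) echo "DER: convert with openssl x509 -inform der -in $1 -out cert.pem" ;;
        pem-cert-only) echo "PEM without key: use --cacert if it is the server/CA cert, or supply the client key with --key" ;;
        pem-cert-and-key) echo "PEM with key: usable with --cert" ;;
        *) echo "not a recognizable certificate file" ;;
    esac
}

# Constructed sample files (headers only, not real certificates or keys).
make_samples() {
    printf '\060\202\001\012\060\201' > "$1/der.cer"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/cert.pem"
    { cat "$1/cert.pem"
      printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
          '-----END PRIVATE KEY-----'; } > "$1/both.pem"
}

# Stand-alone use: sh script.sh ./file.cer
if [ "$#" -gt 0 ]; then advise "$1"; fi
```

The check only looks at the encoding and the presence of a key block; whether the certificate is a client or a server certificate still has to be confirmed with whoever issued it.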

Author by

Cristiano Ansaloni

Updated on July 09, 2022

Comments

  • Cristiano Ansaloni 2 months

    I'm using curl to request data from a corporate website using a .cer certificate that they sent me. This is the command:

    curl --header "Content-Type: text/xml;charset=UTF-8" \
         --data @bustaRequestISEE2015ConsultazioneAttestazione.xml \
         -o bustaResponseISEE2015ConsultazioneAttestazione.xml \
         --cert ./caaffabisrl.cer \
         https://istitutonazionaleprevidenzasociale.spcoop.gov.it/PD
    

    When I run it, I get this error message:

    curl: (58) could not load PEM client certificate, OpenSSL error error:0906D06C:PEM routines:PEM_read_bio:no start line, (no key found, wrong pass phrase, or wrong file format?)

    Is there anybody who can help me?

    Tks, Cristiano.

  • Cristiano Ansaloni over 6 years
    Thanks @kah608, I converted the certificate as you suggest but now I get this error message: curl: (58) unable to set private key file: './caaffabisrl.pem' type PEM. Can you help me?
  • kah608 over 6 years
    @CristianoAnsaloni It is hard to know exactly why this is happening. Take a look at this website, it has more information and troubleshooting steps: honglus.blogspot.in/2012/03/…
  • Kevin Won over 3 years
    Had the same error response; changing to --cacert fixed it.
  • C-lio Garcia over 2 years
    Changing to --cacert, I have the following error: curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
  • Sazzad Hissain Khan over 2 years
    @kah608 do you know why I am getting this error? stackoverflow.com/q/60754143/1084174