All geek questions in one place

Using curl with a certificate that does not have a password

I have my own CA and client certificate, which I have successfully used with cURL using the usual format:

curl --cacert /etc/myca.crt --cert /etc/myclient.pem:mypassword --cert-type PEM --get https://myhost.com

Now, for reasons beyond the scope of this question, I have the same client certificate, but the password was deleted using openssl. With openssl, I verified that the new certificate is correct, and I can use it to create SSL connections using applications other than cURL, but I cannot get it to work with cURL.

If I do not enter a password:

 curl --cacert /etc/myca.crt --cert /etc/myclient.pem --cert-type PEM --get https://example.com

I get the error "curl: (58) unable to use client certificate (key not found or invalid phrase?)

I also tried:

 curl --cacert /etc/myca.crt --cert /etc/myclient.pem: --cert-type PEM --get https://example.com

but I get the same error.

I am making a cURL call from a Perl script, so I need to find a way that will not tell me the password. I am using cURL 7.15.5 on RHEL 5.

Thanks.

+7
source share
1 answer

You can use the --pass switch:

 --pass <phrase> (SSL/SSH) Passphrase for the private key

To pass an empty passphrase, you can use:

 --pass ''
+2
source

Source: https://habr.com/ru/post/983104/

More articles:


All Articles