cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: FTPS for a complete novice

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 14 Nov 2007 10:28:33 +0100 (CET)

On Tue, 13 Nov 2007, robert pinkos wrote:

> Hi,I'm completely new to cURL and relatively new to UNIX so feel free
> torespond in the most patronising simple-talk.

curl is not really unix, it works on lots of non-unix operating systems...

> I've read the man pages and relevant documentation on curl.haxx.se but to no
> avail. I have recently been charged with the task of sending a file using
> FTPS (FTPS is the only secure method the recipients are willing to accept).

That's at least partly because we've made an effort to make most operations
like download and upload be used the same way no matter what protocol you're
using, partly because it is just FTP with some added SSL magic and we
supported both FTP and SSL stuff before FTPS and partly because many of your
questions are plain SSL-related and they're answered all over the net already
without us having to repeat them. Like what certificates that exist and how
they interact which each other etc.

But it would certainly be appreciated if you help us to fill out the gaps when
you learn this now!

> We have chosen cURL as our preferred client and successfully installed
> v7.16.2 for HP-UX 11.11 downloaded from the HP software depot website.

> My query is: What exactly do I need besides cURL to get this to work?

Quite possibly nothing. It depends on your situation.

> I gather I need an SSL certificate.

Perhaps. It depends if your server requires you to have one. Then you need to
get one.

> Is this specific to the machine or to the cURL application? How do I get a
> certificate?

Client certificates are used by servers to make sure only people with
certificates can access their site.

If you need one, your server admins should give it to you.

> Do I need to install OpenSSL?

If you use curl built with OpenSSL then you need OpenSSL installed, unless it
was built with OpenSSL staticly as then you already have it built-in.

curl can also be built to use other SSL libraries...

> Do I need to do anything other than copy the certificate to my Unix box when
> I have it?

Yes, if you use a client cert you also have a client key and you have a pass
phrase to use that.

> What is the bundle of certs installed
> in/opt/iexpress/curl/share/curl/curl-ca-bundle.crt used for?

That's the CA cert bundle. See
http://en.wikipedia.org/wiki/Certificate_authority

> Once I have this set up is it just a: curl -v --ftp-ssl-reqd
> -E/path/to/cert -T /upload/path/file -u username:password ftp://my_url/ ?

Yes, if that already uses the correct CA cert and the "/path/to/cert" is both
the cert and your key concatenated.

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2007-11-14