cURL / Mailing Lists / curl-users / Single Mail


Re: How and what should be used when doing a SSL-request with client cert?

From: Daniel Stenberg <>
Date: Thu, 2 Sep 2010 23:35:13 +0200 (CEST)

On Thu, 2 Sep 2010, Jonny Andersson wrote:

> I am trying to make a request to a web service with SSL and client cert
> authentication. I am unfortunately not quite familiar of using a client
> certificate from other applications either. Anyway, I have added the param
> --cert and the path to a certificate file to the command line for cURL but I
> get a

The man page for --cert explains:

   Note that this option assumes a "certificate" file that is the private key
   and the private certificate concatenated!

> curl: (58) unable to use client certificate (no key found or wrong pass
> phrase?)

It is actually the private key that needs the pass phrase.

> Also, is it expected to have a certain encoding(DER, PEM, ..)?

It assumes PEM by default, you can switch with --cert-type.

> I have tried this with an ordinary certificate file that at my
> Windows-computer has the extension .cer and which is a certificate signed of
> a CA-certificate. But this seems to be wrong.

That does indeed sound wrong.

> Also, the only password connected to that cert in some way I know about is
> the password used for the private key for the CA certificate

Why do you have a private key for the CA certificate? I don't understand.

List admin:
Received on 2010-09-02