cURL / Mailing Lists / curl-users / Single Mail


Re: How and what should be used when doing a SSL-request with client cert?

From: Jonny Andersson <>
Date: Fri, 03 Sep 2010 11:22:49 +0200

  Thanks for your information, I really appreciate that! I have also
asked for help with this at another forum and have now begin to
understand more about what I have to supply to the cURL-request to get
this to work. One thing is that the test-cert I have got seems to be in
an another format (not readable as normal text when opened in a text
editor) that maybe not is supported, I transformed it to PEM (something
readable in a text editor) with this command in yesterday:

openssl x509 -inform DES -in ClientCert.crt -out ClientCert.cer -text

Due to a lot of meetings and a short day because of travel will I
unfortunately not have time to look much at this today but I will follow
up this as help for others when I have got it to work and in case of
need ask more questions in the beginning of the next week.

A lot of thanks for your help so far!


On 2010-09-02 23:35, Daniel Stenberg wrote:
> On Thu, 2 Sep 2010, Jonny Andersson wrote:
>> I am trying to make a request to a web service with SSL and client
>> cert authentication. I am unfortunately not quite familiar of using a
>> client certificate from other applications either. Anyway, I have
>> added the param --cert and the path to a certificate file to the
>> command line for cURL but I get a
> The man page for --cert explains:
> Note that this option assumes a "certificate" file that is the
> private key
> and the private certificate concatenated!
>> curl: (58) unable to use client certificate (no key found or wrong
>> pass phrase?)
> It is actually the private key that needs the pass phrase.
>> Also, is it expected to have a certain encoding(DER, PEM, ..)?
> It assumes PEM by default, you can switch with --cert-type.
>> I have tried this with an ordinary certificate file that at my
>> Windows-computer has the extension .cer and which is a certificate
>> signed of a CA-certificate. But this seems to be wrong.
> That does indeed sound wrong.
>> Also, the only password connected to that cert in some way I know
>> about is the password used for the private key for the CA certificate
> Why do you have a private key for the CA certificate? I don't understand.

List admin:
Received on 2010-09-03