curl-users
Re: curl command - Unable to load client cert -8018
Date: Wed, 9 Oct 2013 12:32:46 -0700 (PDT)
From: Enric Ballo <enric.ballo@gmail.com>
To: curl-users@cool.haxx.se
Sent: Wednesday, October 9, 2013 12:02 AM
Subject: curl command - Unable to load client cert -8018
I'm trying to connect to a secure webservice through a proxy using the curl command, but I get the following error:
Unable to load client cert -8018.
Complete log:
[e-ballo@myserver]# curl -v -x proxy01.net:8080 https://endPointURL.com/SOAP --key ./cert.crt --cert ./cert.crt -capath=/etc/pki/tls/certs
* About to connect() to proxy proxy01.net port 8080 (#0)
*   Trying 10.0.3.64... connected
* Connected to proxy01.net (10.0.3.64) port 8080 (#0)
* Establish HTTP proxy tunnel to endPointURL.com:443
> CONNECT endPointURL.com:443 HTTP/1.1
> Host: endPointURL.com:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.3.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/home/e-ballo/
* Unable to initialize NSS database
* Initializing NSS with certpath: none
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Unable to load client cert -8018.
* NSS error -8018
* Closing connection #0
curl: (58) Unable to load client cert -8018.
Any idea what this error means? And how can I fix it?
Thanks in advance,
--
Enric Ballo
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Your version of curl was compiled with the Netscape Security System (NSS) libraries instead of the openSSL libraries. Versions of curl compiled with these two libraries use different certificate access methods. You are calling a flat file, which is the openSSL method.
You will need to get NSS installed (already there on most Red Hat derivatives) and create a cert9.db file, import your certificate and key (after converting to a P12 with openssl - don't forget to add a "friendlyName" or nickname) into that db using pk12util. Then you call the cert by its nickname and give the password for the db.
The other option is to get or compile a version of curl using the openssl libraries. Red Hat 5, Ubuntu or Windows versions of curl are frequently already compiled that way. Red Hat 6 comes with curl compiled for NSS.
Received on 2013-10-09
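
The procedure described in the reply above, as an added example that is not part of the original thread: one function reads the TLS backend out of a curl version string (such as the User-Agent line in the log), the other performs the PKCS#12 conversion and NSS import. Function names, paths and the nickname are placeholders; SSL_DIR is the environment variable NSS builds of curl read for the database directory.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, paths and the nickname
# are placeholders chosen for illustration.

# Print the TLS backend named in a `curl -V` or User-Agent version string.
curl_tls_backend() {
    case "$1" in
        *NSS/*)     echo nss ;;
        *OpenSSL/*) echo openssl ;;
        *GnuTLS/*)  echo gnutls ;;
        *)          echo unknown ;;
    esac
}

# Import a PEM certificate and key into an NSS "sql:" database (cert9.db).
# Usage: import_client_cert CERT_PEM KEY_PEM NICKNAME DB_DIR
# Runs in a subshell so the tightened umask does not leak to the caller.
import_client_cert() (
    cert=$1; key=$2; nick=$3; db=$4
    for tool in openssl certutil pk12util; do
        command -v "$tool" >/dev/null 2>&1 ||
            { echo "missing tool: $tool" >&2; exit 1; }
    done
    umask 077                      # key material: owner-only files
    mkdir -p "$db" || exit 1
    p12=$(mktemp) || exit 1
    trap 'rm -f "$p12"' EXIT       # never leave the PKCS#12 bundle behind
    # 1. Bundle cert + key as PKCS#12; -name sets the friendlyName, which
    #    NSS uses as the nickname. openssl prompts for an export password.
    openssl pkcs12 -export -in "$cert" -inkey "$key" \
        -name "$nick" -out "$p12" || exit 1
    # 2. Create the database if absent; certutil prompts for its password.
    [ -f "$db/cert9.db" ] || certutil -N -d "sql:$db" || exit 1
    # 3. Import the bundle, then list nicknames to confirm it landed.
    pk12util -i "$p12" -d "sql:$db" || exit 1
    certutil -L -d "sql:$db"
)

# Afterwards, on an NSS build, refer to the cert by nickname, e.g.
#   SSL_DIR=DB_DIR curl --cert 'NICKNAME:DB_PASSWORD' ...
# (SSL_DIR is the environment variable NSS builds of curl read for the
# database directory.)
```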