cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Curl with nss error

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Tue, 29 Sep 2015 10:51:56 +0200

On Friday 25 September 2015 17:06:23 Craig Foote wrote:
> I'm trying to use curl to access a https address passing it my certificate
> and validating the server's certificate with my own truststore (we have our
> own CA). I am for now running as root.
>
> curl -v --cert /home/cdfoote/myCertificate.pem:mypassword --cert
> /home/cdfoote/truststore.pem https://host.com:8444
>
> This gives me the error:
>
> Unable to load client cert -8018
> NSS error -8018
>
> Googling that and determining that my curl was compiled with nss I've
> converted my certificate to a .pfx (I started with a .jks) and imported it
> into the nss db via:
>
> pk12util -i /home/cdfoote/myCertificate.pfx -d /etc/pki/nssdb
>
> I see it when I list all certs in the db:
>
> certutil -L -d /etc/pki/nssdb
>
> I see its details when I list it by nickname:
>
> certutil -L -d /etc/pki/nssdb -n myCert

Which version of NSS are you using?

You might need to use sql:/etc/pki/nssdb for -d for certutil (libcurl
inserts the sql: prefix automatically). Please also check the trust
flags with certutil.

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-09-29