Re: using CURLOPT_SSLCERT with self-signed certificate or non-ca-signed certificates

On Sat, 30 May 2020, Nicolas Mora via curl-library wrote:

> Is it possible with libcurl to use a self-signed client certificate?

Yes. To libcurl it doesn't matter who signed it, as long as you can verify the
signature with the CA cert bundle.

> CURLOPT_SSLCERT documentation doesn't provide information about that.

That's the option for *client certs*. That basically the opposite, when you as
a client provide a cert to the server so it can verify you.

You want CURLOPT_CAINFO which specifies the path to a PEM file containing the
root or leaf certs to verify the server with.

You can use openssl to get that CA cert from your server like this:

  $ echo quit | openssl s_client -showcerts -servername [server] -connect \
    [server]:443 > cacert.pem

-- 
  / daniel.haxx.se | Commercial curl support up to 24x7 is available!
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html