转自:https://curl.haxx.se/mail/archive-2005-09/0138.html
Greetings CURL users!
I just subscribed to the list and would like to share a problem and it's
solution, after a couple of hours working around it... I was going to write
to the list for help ;)
I was having problems using Curl to connect to a https server using a client
certificate. I believe i was doing everything by the book, but somehow Curl
kept complaining about the private key file.
1) I had a PKCS#12 file which contained the CA and Client certificates and
the private key: "MULTICERT.p12"
2) I convert it to PEM format with:
openssl pkcs12 -in MULTICERT.p12 -out cert.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
and the file cert.pem was created with all the certificates and the private
key (i used "xxxxxx" for the PEM pass phrase).
3) However when i used Curl to connect to the https server
curl -d "var1=value1&var2=value2&..." -G -v --cert cert.pem:xxxxxx
https://www.somesite.com/page
* About to connect() to www.somesite.com port 443
* Trying 123.123.123.123... * connected
* Connected to www.somesite.com (123.123.123.123) port 443
* unable to set private key file: 'cert.pem' type PEM
* Closing connection #0
curl: (58) unable to set private key file: 'cert.pem' type PEM
4) So then i tried to put the CA certificate, Client Certificate and Private
Key in separate files:
openssl pkcs12 -in MULTICERT.p12 -out ca.pem -cacerts -nokeys
openssl pkcs12 -in MULTICERT.p12 -out client.pem -clcerts -nokeys
openssl pkcs12 -in MULTICERT.p12 -out key.pem -nocerts
and then i tried Curl again:
curl -d "var1=value1&var2=value2&..." -G -v --key key.pem --cacert
ca.pem --cert client.pem:xxxxxx https://www.somesite.com/page
and it worked!!! :)
Still don't know why the first method - having everything in one cert file -
didn't work...!?
Maybe the proivate key was'nt on the right order...
Well, anyway, hope this helps anyone
Cheers!