i'm trying use curl access https address passing certificate , validating server's certificate own truststore (we have our own ca). running root.
curl -v --cert /home/cdfoote/mycertificate.pem:mypassword --cacert /home/cdfoote/truststore.pem https://host.com:8444 this gives me error:
unable load client cert -8018 nss error -8018 googling , determining curl compiled nss i've converted certificate .pfx (i started .jks) , imported nss db via:
pk12util -i /home/cdfoote/mycertificate.pfx -d /etc/pki/nssdb i see when list certs in db:
certutil -l -d /etc/pki/nssdb i see details when list nickname:
certutil -l -d /etc/pki/nssdb -n mycert i've made db available via:
export ssl_dir=/etc/pki/nssdb now, curl command i'm running is:
curl -v --cert mycert --cacert /home/cdfoote/truststore.pem https://host.com:8444 the response is:
about connect https//host.com port 8444 (#0) trying ipaddress connected host.com (ipaddress) port 8444(#0) initializing nss certpath: sql:/etc/pki/nssdb cafile: /home/cdfoote/truststore.pem capath: none nss: client certificate not found: mycert ssl connection using tls_dhe_rsa_with_aes_256_cbc_sha server certificate: ... { "status" : "403 - forbidden", ... a few questions:
does 'capath: none' indicate truststore not found though 'cafile' correct? if so, ideas why isn't found?
any idea why 'mycert' not found though nss initialized correct 'certpath' (and listed fine)?
on box, apparently curl compiled openssl rather nss, original curl command above works. there way can run curl way without recompiling it?
thanks in advance, craig
Comments
Post a Comment