Reputation: 977
I have a Flask application running using a self-signed certificate. I'm able to send in a curl request using:
curl -v -k -H "Content-Type: application/json" -d '{"data":"value1","key":"value2"}' https://<server_ip>:<port>
The verbose logs show that everything went alright.
I wanted to avoid using the -k (--insecure) option and instead specify a .pem file that curl could use. Looking at the curl man page I found that you could do this using the --cert option. So I created a .pem file using this:
openssl rsa -in server.key -text > private.pem
CURL throws me this error when using the private.pem file:
curl: (58) unable to use client certificate (no key found or wrong pass phrase?)
Any suggestions? - or is this only possible with a properly signed certificate?
Thanks
Upvotes: 48
Views: 107577
Reputation: 468
To make a request from an https server through curl, I make use of the steps below:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes
Common Name (eg, fully qualified host name) []:localhost
curl --cacert cert.pem https://localhost:443
Note: I use port 443, which is the default https port. You can make use of another port; then make sure the cert.pem file path is well referenced.
Upvotes: 2
Reputation: 58254
This is just another version of this question: Using openssl to get the certificate from a server
Or put more bluntly:
Using curl --cert is wrong, it is for client certificates.
First, get the certs your server is using:
$ echo quit | openssl s_client -showcerts -servername server -connect server:443 > cacert.pem
(-servername is necessary for SNI so that you get the right virtual server's certificate back)
Then make your curl command line use that set to verify the server in subsequent operations:
$ curl --cacert cacert.pem https://server/ [and the rest]
Starting with curl 7.88.0 (to be shipped in February 2023), curl can save the certificates itself with the new %{certs} variable for the -w option. Blogged about here.
Upvotes: 92
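The steps from the answers above, combined into one script as an added example that is not part of any post: it keeps only the PEM certificate blocks from the `openssl s_client -showcerts` output, checks that the file holds a certificate and not a private key (the mix-up behind the `--cert private.pem` error in the question), and prints a fingerprint to compare with the server's own copy before the file is used with `--cacert`. The function names `extract_certs`, `pem_kinds`, `pin_and_fetch` and the script name `pin.sh` are hypothetical.

```shell
#!/bin/sh
# Added example: pin a self-signed server certificate for curl --cacert.
# Function names and pin.sh are illustrative, not from the original posts.

# Keep only the PEM certificate blocks from `openssl s_client -showcerts`
# output, dropping the handshake transcript printed around them.
extract_certs() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Report what a PEM file holds so it goes to the right curl option:
# a certificate can be a --cacert trust anchor, a private key never is.
pem_kinds() {
    kinds=""
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" && kinds="certificate"
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1" && kinds="${kinds:+$kinds }private-key"
    echo "${kinds:-none}"
}

# Fetch the server's certificates, show a fingerprint, then verify with curl.
pin_and_fetch() {
    host=$1 port=$2 out=${3:-cacert.pem}
    echo quit | openssl s_client -showcerts -servername "$host" \
        -connect "$host:$port" 2>/dev/null | extract_certs > "$out"
    [ "$(pem_kinds "$out")" = "certificate" ] || {
        echo "no certificate (or unexpected key material) in $out" >&2
        return 1
    }
    # The fetch above was not authenticated. Compare this SHA-256 fingerprint
    # (of the first certificate in the file) with one computed on the server
    # from its own certificate file before trusting $out.
    openssl x509 -in "$out" -noout -fingerprint -sha256
    curl --cacert "$out" "https://$host:$port/"
}

# Run only when called with arguments: ./pin.sh HOST PORT [OUTFILE]
if [ "$#" -ge 2 ]; then pin_and_fetch "$@"; fi
```

curl still checks that the host name in the URL matches the certificate, so the certificate's Common Name or subject alternative name has to cover the name used on the command line.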