Reputation: 1043
I am using Windows...
When I run the following curl command through gitbash it works fine:
curl --cacert ca.crt --key client.key --cert client.crt "https://myurl"
However, if I try to run the same command in command prompt or Powershell, I get this error:
curl: (58) schannel: Failed to import cert file client.crt, last error is 0x80092002
What do I need to do to get the command working in Command Prompt or Powershell?
Upvotes: 9
Views: 36231
Reputation: 1
To use the Windows version of curl, I suggest first creating a pfx file:
openssl pkcs12 -export -in client.crt -out client.pfx -key client.key
You will be prompted for a password. Use it in the curl command:
curl --cacert ca.crt --cert client.pfx:password "https://myurl"
Upvotes: 0
Reputation: 21
I had the same issue with both Windows curl and mingw (git); both were version 8.4.0. I downloaded curl 8.6.0 from here https://curl.se/windows/ and it solved the issue.
Upvotes: 2
Reputation: 116
On our Windows 2019 server we have two curl.exe. By default, the version 7.83.1 was summoned. The issue was solved by using the version 7.54.1 and adding the full path to access it.
Upvotes: 0
Reputation: 1
In the manpage of curl, it is described that on Windows it uses the schannel provider by default (which itself uses the Windows store). I am on the same errand now :-) trying to find a way to pass the certs from the command line and from local files.
Perhaps try importing the certs into the Windows store.
Upvotes: -1
Reputation: 1043
The Windows version of curl.exe is not configured to work with openssl, but git's is.
So, to make sure that whenever I typed 'curl' into a command prompt it was using git's version of curl, I added the path to git's curl (C:\Program Files\Git\mingw64\bin) to the system environment variables and moved it right to the top, so it finds git's curl before it finds Windows's curl.
After that I restarted the command prompt and it resolved the issue.
Upvotes: 18
Reputation: 13460
You are providing your client certificate in the wrong format. curl requires the certificate in the PEM format (source):
-E/--cert <certificate[:password]> (SSL) Tells curl to use the specified certificate file when getting a file with HTTPS or FTPS. The certificate must be in PEM format. If the optional password isn't specified, it will be queried for on the terminal. Note that this option assumes a "certificate" file that is the private key and the private certificate concatenated! See --cert and --key to specify them independently. If curl is built against the NSS SSL library then this option can tell curl the nickname of the certificate to use within the NSS database defined by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be loaded. If you want to use a file from the current directory, please precede it with "./" prefix, in order to avoid confusion with a nickname. If this option is used several times, the last one will be used.
Your certificate might be in the DER format or contain a whole certificate chain instead of your single client certificate.
Upvotes: 0
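The answers above turn on what form the client credential file is in (PEM, DER, a whole chain, or a PKCS#12 .pfx). The following is an added example, not code from any of the posters, that checks this for a file's bytes; the function names are hypothetical, the sample inputs are constructed, and the DER/PKCS#12 detection is a heuristic that looks only at the outer ASN.1 bytes.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_kind(data: bytes) -> str:
    """Guess what a DER blob is from its outer ASN.1 bytes (heuristic)."""
    if len(data) < 4 or data[0] != 0x30:         # must open with a SEQUENCE
        return "unknown"
    # Skip the length field: 1 byte in short form, 1 + n bytes in long form.
    body = 2 + (data[1] & 0x7F if data[1] & 0x80 else 0)
    if data[body:body + 3] == b"\x02\x01\x03":   # INTEGER 3: PKCS#12 version
        return "pkcs12"
    if data[body:body + 1] == b"\x30":           # inner SEQUENCE: tbsCertificate
        return "der-certificate"
    return "unknown"

def pem_body_kind(body: bytes) -> str:
    """Decode a PEM block's base64 body and classify the DER inside."""
    try:
        return der_kind(base64.b64decode(body))
    except binascii.Error:
        return "unknown"

def classify(data: bytes) -> dict:
    """Report encoding, number of certificates and private-key presence."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        kind = der_kind(data)
        certs = 1 if kind == "der-certificate" else None
        return {"encoding": kind, "certs": certs, "has_key": None}
    certs = sum(1 for label, body in blocks
                if label == b"CERTIFICATE" and pem_body_kind(body) == "der-certificate")
    has_key = any(label.endswith(b"PRIVATE KEY") for label, _ in blocks)
    return {"encoding": "pem", "certs": certs, "has_key": has_key}

# Constructed samples: ASN.1 headers plus zero padding, not real credentials.
FAKE_CERT_DER = bytes.fromhex("308201003082") + bytes(250)
FAKE_PFX_DER = bytes.fromhex("30820100020103") + bytes(249)

def pem(label: str, der: bytes) -> bytes:
    """Wrap DER bytes in PEM armour with the given label."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n".encode()

if __name__ == "__main__":
    print(classify(pem("CERTIFICATE", FAKE_CERT_DER) * 3))  # a chain file
    print(classify(FAKE_PFX_DER))
```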