Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

cURL with a PKCS#12 certificate in a bash script

Tags:

bash

curl

openssl

pkcs12

i have to connect to a webservice, where a pkcs12 certificate is a must. the idea was to use curl in a bash script (under OS X, to be specific).

i have learnt that one of the few things curl cannot do in communication, is handling pkcs12 certificates (.p12). what are my options?

i have read that converting the certificate to PEM format would work (using openssl), however i have no idea how to tell curl that it gets a PEM and should communicate with a webservice requesting PKCS12 certificates.

converting pkcs12 to pem would be done like this (e.g.), it worked for me, however i haven't successfully used them with curl:

openssl pkcs12 -in mycert.p12 -out file.key.pem -nocerts -nodes openssl pkcs12 -in mycert.p12 -out file.crt.pem -clcerts -nokeys

any hints? or, any alternatives to curl? the solution should be commandline based.

like image 697
svenson Avatar asked Aug 27 '15 15:08

svenson

People also ask

Is PKCS same as PFX?

PKCS#12 (also known as PKCS12 or PFX) is a binary format for storing a certificate chain and private key in a single, encryptable file. PKCS#12 files are commonly used to import and export certificates and private keys on Windows and macOS computers, and usually have the filename extensions . p12 or . pfx .

How do you curl with a client certificate?

To authenticate with a private key and certificate using curl, you will need to provide the --key and --cert options to your request. The private key must be decrypted in plain text. The provided certificate must contain the corresponding public key.

1 Answers

I think you have allready resolved but i had a the same problem. I answer for share my solution.

If you have a .p12 file your approach is right. First of all you have to get the cert and the key separated from the p12 file. As an example, if you have a mycert.p12 file execute 

openssl pkcs12 -in mycert.p12 -out file.key.pem -nocerts -nodes openssl pkcs12 -in mycert.p12 -out file.crt.pem -clcerts -nokeys

Then you have to make the call to your url. For instance assume that you want to get the wsdl of a specific webservice

curl -E ./file.crt.pem --key ./file.key.pem https://myservice.com/service?wsdl

If the files file.crt.pem and file.key.pem are in your working folder "./" is mandatory.

like image 82
Smalltree1989 Avatar answered Sep 23 '22 06:09

Smalltree1989
Sign in to Comment

Related questions

find -name "*.xyz" -o -name "*.abc" -exec to Execute on all found files, not just the last suffix specified
Bash: wait with timeout
How do I create a directory on remote host if it doesn't exist without ssh-ing in?
Splitting a file in linux based on content [duplicate]
bash command spanning multiple lines with several lines of comments in-between [duplicate]
Can $() always replace backticks for command substitution?
How to install Certbot (Let's Encrypt) without interaction?
How do I get just real time value from 'time' command?
How to make an Echo server with Bash?
How can I loop over the output of a shell command?
How to remove all non-numeric characters from a string in Bash?
Automatic tagging of releases
How to reverse array in bash onliner FOR loop?
How can I make a progress bar while copying a directory with cp?
compare content of two variables in bash
less-style markdown viewer for UNIX systems
Best way to choose a random file from a directory in a shell script
How to trap exit code in Bash script
Escaping forward slashes in sed command [duplicate]
Ascii/Hex convert in bash

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!