I'm trying to cURL using a certificate stored in an NSS database, however while running the cURL command, it says the certificate cannot be found. Here is the list of the certs in my DB:
[root@localhost scripts]# certutil -L -d /nss
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Test User u,u,u
Test Root CA ,,
Test SUBCA2 ,,
You can see the "Test User" cert is in there. I also confirmed that SSL_DIR is set to the DB directory:
[root@localhost scripts]# echo $SSL_DIR
/nss
However, when I run the cURL command:
[root@localhost etc]# curl -vk --cert "Test User" https://localhost:7446
* About to connect() to localhost port 7446 (#0)
* Trying ::1... connected
* Connected to localhost (::1) port 7446 (#0)
* Initializing NSS with certpath: sql:/nss
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* NSS: client certificate not found: Test User
* NSS error -5938
* Closing connection #0
curl: (35) NSS: client certificate not found: Test User
Any reason why it can't find the cert?
I figured out the issue. It was a couple of issues.
When creating the database, I should have added the --empty-password flag:
certutil -N -d /nss --empty-password
Also, when adding the cert, I needed to add sql: before the NSS DB field:
pk12util -i cert.p12 -d sql:/nss
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With