
Getting (58) unable to use client certificate (no key found or wrong pass phrase?) from curl

I'm attempting to make test calls to a third-party API that requires a client cert. I generated a new cert using this command with openssl:

openssl req -new -newkey rsa:2048 -nodes -out mycsr.csr -keyout mykey.key

I then sent them the csr, and they sent me back mycert.crt. I concatenated the cert and the key together:

cat mycert.crt mykey.key > mycertandkey.pem

Finally, I added mycert.crt to the ca-certificates folder and ca-certificates.conf and ran "update-ca-certificates --fresh".

Now, I'm trying to make a curl call from bash using the following command:

curl -X GET --cert mycertandkey.pem -H 'Accept-Encoding: gzip,deflate' -H 'Content-Type: application/json' https://api.URL.com

I've also tried:

curl -X GET --cert mycertandkey.pem --cacert mycert.crt -H 'Accept-Encoding: gzip,deflate' -H 'Content-Type: application/json' https://api.URL.com

and:

curl -X GET --cert mycertandkey.pem --cacert mycert.crt --key mykey.key -H 'Accept-Encoding: gzip,deflate' -H 'Content-Type: application/json' https://api.URL.com

And every other combination I can think of. I always get the error "curl: (58) unable to use client certificate (no key found or wrong pass phrase?)". The key doesn't have a passphrase. All of the cert/key files have 777 permissions.

I haven't worked much with certs in the past and I feel like I've missed something, especially since I seem to have only one cert. Is the cert that the other company sent me a cacert or is it my client cert? Did I concatenate the private key to the wrong cert?

I've found a lot of piecemeal information about this online, but if anyone knows of a good tutorial on this subject, I'd really appreciate that as well.

Chris.B asked Apr 22 '15 13:04


1 Answer

Adding a pass phrase to my private key solved my problem.

I used the following command to add the passphrase:

ssh-keygen -p -f mykey.key

Before I could run that command successfully, I needed to change the permissions on the key file. 777 is not restrictive enough, and ssh-keygen would not touch it. Changing the permissions to 600 fixed that.

chmod 600 mykey.key

After adding the passphrase, I recreated the .pem file. Now I can successfully make curl calls with it using this command:

curl -X GET --cert mycertandkey.pem:mypassphrase -H 'Accept-Encoding: gzip,deflate' -H 'Content-Type: application/json' https://api.URL.com
Chris.B answered Nov 06 '22 06:11
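
A pre-flight check for the certificate and key files used above, as an added example that is not part of the original question or answer. It confirms that the certificate parses, that the key is in a format OpenSSL can read (recent ssh-keygen releases write OpenSSH-format keys unless `-m PEM` is given), that the pass phrase decrypts it, that key and certificate belong together, and that the key file is private. The function name and status words are made up for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: pre-flight check of a client
# certificate and private key before handing them to curl --cert / --key.
# check_client_bundle and its status words are names invented for this example.

# usage: check_client_bundle CERT_FILE KEY_FILE [PASSPHRASE]
# CERT_FILE and KEY_FILE may be the same combined .pem file.
check_client_bundle() {
  local cert=$1 key=$2 pass=${3:-} cert_pub key_pub

  # 1. The file must contain an X.509 certificate (a CSR or a bare key fails here).
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo no-certificate; return 1; }

  # 2. OpenSSH-format private keys cannot be parsed by OpenSSL.
  if grep -q -- '-----BEGIN OPENSSH PRIVATE KEY-----' "$key"; then
    echo openssh-format-key; return 1
  fi

  # 3. The key must parse, and decrypt with the given pass phrase if encrypted.
  #    -passin stops openssl from prompting; it is ignored for unencrypted keys.
  key_pub=$(openssl pkey -in "$key" -passin "pass:$pass" -pubout 2>/dev/null) ||
    { echo key-unreadable; return 1; }

  # 4. The certificate must carry the public half of this private key.
  [ "$cert_pub" = "$key_pub" ] || { echo key-cert-mismatch; return 1; }

  # 5. The key file must not be accessible to group or others (e.g. 600, not 777).
  [ "$(ls -lL "$key" | cut -c5-10)" = "------" ] ||
    { echo key-permissions-too-open; return 1; }

  echo ok
}

# When run as a script with arguments, check the named files.
if [ "$#" -ge 2 ]; then check_client_bundle "$@"; fi
```

Run it as `check_client_bundle mycert.crt mykey.key` or, for an encrypted key, with the pass phrase as a third argument.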