
NSS: client certificate not found (nickname not specified)?

I'm trying to access a third-party service via PHP curl on a CentOS 6 system which comes with curl and libcurl compiled against NSS instead of OpenSSL.

This is causing problems for me: every time I try to access the service I get this error: NSS: client certificate not found (nickname not specified).

My understanding is that I need to install the certificates in the NSS database.

I'm looking for step-by-step instructions on how to do this (keep in mind, I need this to work with PHP curl functions called from an Nginx server).

Thanks

Jason asked Apr 02 '13 20:04




1 Answer

Try prefixing the certificate filename with "./", or using the full path. From the curl manpage:

If curl is built against the NSS SSL library then this option [--cert] can tell curl the nickname of the certificate to use within the NSS database defined by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be loaded. If you want to use a file from the current directory, please precede it with "./" prefix, in order to avoid confusion with a nickname.

(emphasis mine)

Alternatively, some instructions for importing into the NSS certificate database are here, although I have not used them: http://rcritten.fedorapeople.org/nss_compat_ossl.html

pimlottc answered Sep 24 '22 19:09
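
For the PHP side of the question, the "./" or full-path advice above can be applied to CURLOPT_SSLCERT and CURLOPT_SSLKEY. This is an added example, not code from the original question or answer; the helper names, file names and URL are assumptions.

```php
<?php
// Added example. File names, URL and the helper names are placeholders (assumptions).

/**
 * Resolve a PEM file to an absolute path. An NSS-built libcurl treats a bare
 * name such as "client.pem" as a certificate nickname in the NSS database;
 * a full path is loaded as a file (if the NSS PEM module is available).
 */
function nssSafePemPath(string $path, bool $isPrivateKey = false): string
{
    $real = realpath($path);
    if ($real === false || !is_readable($real)) {
        throw new RuntimeException("PEM file missing or unreadable by the PHP worker: $path");
    }
    // A client key with group/other permission bits is exposed to other local accounts.
    if ($isPrivateKey && (fileperms($real) & 0077) !== 0) {
        error_log("warning: $real is accessible to group/other; chmod 600 it");
    }
    return $real;
}

function fetchWithClientCert(string $url, string $certFile, string $keyFile): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSLCERT        => nssSafePemPath($certFile),
        CURLOPT_SSLKEY         => nssSafePemPath($keyFile, true),
        CURLOPT_SSL_VERIFYPEER => true,  // keep server certificate checks on
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        // Include the TLS backend string so the log shows whether NSS is in use.
        $msg = sprintf('%s: %s', curl_version()['ssl_version'], curl_error($ch));
        curl_close($ch);
        throw new RuntimeException($msg);
    }
    curl_close($ch);
    return $body;
}

// __DIR__ anchors the paths to this script, not to the PHP worker's cwd.
echo fetchWithClientCert(
    'https://service.example.com/api',   // placeholder URL
    __DIR__ . '/client.pem',             // placeholder certificate file
    __DIR__ . '/client.key'              // placeholder private key file
);
```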