Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Using curl with certificate that has no password

Tags:

curl

ssl

I have my own CA and client certificate that I have been using successfully with cURL using the normal format:

curl --cacert /etc/myca.crt --cert /etc/myclient.pem:mypassword --cert-type PEM --get https://myhost.com

Now, for reasons outside the scope of this question, I have the same client certificate but the password has been removed using openssl. Using openssl I have verified that the new certificate is correct and I can use it to make SSL connections using applications other than cURL, but I cannot get it to work with cURL.

If I don't enter a password:

curl --cacert /etc/myca.crt --cert /etc/myclient.pem --cert-type PEM --get https://example.com

I get an error saying "curl: (58) unable to use client certificate (no key found or wrong pass phrase?)"

I have also tried:

curl --cacert /etc/myca.crt --cert /etc/myclient.pem: --cert-type PEM --get https://example.com

but I get the same error.

I am making the call to cURL from within a Perl script, so I need to find a way that will not prompt me for the password. I am using cURL 7.15.5 on RHEL 5.

Thank you.

like image 243
Stuart Avatar asked Feb 27 '15 14:02

Stuart

People also ask

How do I bypass SSL verification in curl?

To bypass SSL certificate validation for local and test servers, you can pass the -k or --insecure option to the Curl command. This option explicitly tells Curl to perform "insecure" SSL connections and file transfers. Curl will ignore any security warnings about an invalid SSL certificate and accept it as valid.

How do I bypass username and password in REST API curl?

For example, if a website has protected content curl allows you to pass authentication credentials. To do so use the following syntax: curl --user "USERNAME:PASSWORD" https://www.domain.com . “USERNAME” must be replaced with your actual username in quotes.

How do you pass the certificate path in curl command?

This can be changed at compile time with curl by passing --with-ca-path=DIRECTORY when building curl but I'd recommend leaving it as is. Better yet, find out what CA path/file your OS and/or OpenSSL are using and add the relevant certificate there.

How does curl verify SSL certificate?

libcurl performs peer SSL certificate verification by default. This is done by using a CA certificate store that the SSL library can use to make sure the peer's server certificate is valid.

1 Answers

You can make use of the --pass switch:

--pass <phrase>                  (SSL/SSH) Passphrase for the private key

To pass an empty passphrase you can use:

--pass ''
like image 53
C.Vergnaud Avatar answered Sep 18 '22 14:09

C.Vergnaud
Sign in to Comment

Related questions

How to start a trusted TLS connection with a server by IP address using HttpClient in C#?
how to use non password protected (.p12) ssl certificate in spring boot
Homebrew on macOS: brew update says LibreSSL error: SSL_ERROR_SYSCALL, errno 54
How can I check for SSL vulnerabilities on my web server?
Managing SSL certs for a multi-tenant website
SSL Authentication with Certificates: Should the Certificates have a hostname?
Using libcurl & SSL
Unable to trust a self signed certificate on iphone
Some understanding gaps about Public Key Infrastructure workflow
Android 2.3.4 SSL problem
In Python 3.2, I can open and read an HTTPS web page with http.client, but urllib.request is failing to open the same page
What URLs on an https page need to be https?
IIS 7 How to map a client certificate with a user account in a database?
Application Initialization Module for IIS 7.5 issue
HttpWebRequest doesn't seem to be sending a client SSL certificate
Installing an ssl certificate with godaddy [closed]
Trying to implement HTTPS on selected pages which are making POST request
What is the most efficient code to detect and redirect SNI supported browsers?
Groovy SSL signature verification: signature length not correct?
How to use spiderable with a meteor app hosted on modulus.io

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!