Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.3k views
in Technique[技术] by (71.8m points)

ssl - Use self signed certificate with cURL?

I have a flask application running using a self signed certificate. I'm able to send in a curl request using:

curl -v -k -H "Content-Type: application/json" -d '{"data":"value1","key":"value2"}' https://<server_ip>:<port>

The verbose logs show that everything went alright.

I wanted to avoid using the -k (--insecure) option and instead specify a .pem file that curl could use. Looking at the curl man page I found that you could do this using the --cert option. So I created a .pem file using this:

openssl rsa -in server.key -text > private.pem

CURL throws me this error when using the private.pem file:

curl: (58) unable to use client certificate (no key found or wrong pass phrase?)

Any suggestions? - or is this only possible with a properly signed certificate?

Tnx

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

This is just another version of this question: Using openssl to get the certificate from a server

Or put more bluntly:

Using curl --cert is wrong, it is for client certificates.

First, get the the certs your server is using:

$ echo quit | openssl s_client -showcerts -servername server -connect server:443 > cacert.pem

(-servername is necessary for SNI so that you get the right virtual server's certificate back)

Then make your curl command line use that set to verify the server in subsequent operations:

$ curl --cacert cacert.pem https://server/ [and the rest]

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...