Use Digital Certificates issued by a Certification Authority (CA) with curl

I have a .cer (Digital Certificate) file, .pfx (Personal Information Exchange file i.e., the private key for the certificate). I cannot use either of these to authenticate to the web service as curl would not accept these formats.

The solution:

  1. Convert it into PEM format (X.509 certificate) using openssl.
    openssl pkcs12 -in abcd.pfx -out abcd.pem

    Enter a passphrase and a password.

  2. Still you cannot use this with curl because you’d get a few errors.
  3. Convert this PEM certificate into three different certificates for the client, the private key and the certification authority certificate.
    openssl pkcs12 -in abcd.pfx -out ca.pem -cacerts -nokeys
    openssl pkcs12 -in abcd.pfx -out client.pem -clcerts -nokeys
    openssl pkcs12 -in abcd.pfx -out key.pem -nocerts
  4. Use the following command:
    curl -k https://www.thesitetoauthenticate.com/test -v --key key.pem --cacert ca.pem --cert client.pem

Leave a Reply

Your email address will not be published. Required fields are marked *

*