Use self signed certificate with cURL

curlsslssl-certificate

I have a flask application running using a self signed certificate. I'm able to send in a curl request using:

curl -v -k -H "Content-Type: application/json" -d '{"data":"value1","key":"value2"}' https://<server_ip>:<port>

The verbose logs show that everything went alright.

I wanted to avoid using the -k (–insecure) option and instead specify a .pem file that curl could use. Looking at the curl man page I found that you could do this using the –cert option.
So I created a .pem file using this:

openssl rsa -in server.key -text > private.pem

CURL throws me this error when using the private.pem file:

curl: (58) unable to use client certificate (no key found or wrong pass phrase?)

Any suggestions? – or is this only possible with a properly signed certificate?

Tnx

Best Answer

This is just another version of this question: Using openssl to get the certificate from a server

Or put more bluntly:

Using curl --cert is wrong, it is for client certificates.

First, get the the certs your server is using:

$ echo quit | openssl s_client -showcerts -servername server -connect server:443 > cacert.pem

(-servername is necessary for SNI so that you get the right virtual server's certificate back)

Then make your curl command line use that set to verify the server in subsequent operations:

$ curl --cacert cacert.pem https://server/ [and the rest]

Related Solutions

How to send a header using a HTTP request through a cURL call

man curl:

   -H/--header <header>
          (HTTP)  Extra header to use when getting a web page. You may specify
          any number of extra headers. Note that if you should  add  a  custom
          header that has the same name as one of the internal ones curl would
          use, your externally set header will be used instead of the internal
          one.  This  allows  you  to make even trickier stuff than curl would
          normally do. You should not replace internally set  headers  without
          knowing  perfectly well what you're doing. Remove an internal header
          by giving a replacement without content on the  right  side  of  the
          colon, as in: -H "Host:".

          curl  will  make sure that each header you add/replace get sent with
          the proper end of line marker, you should thus not  add  that  as  a
          part  of the header content: do not add newlines or carriage returns
          they will only mess things up for you.

          See also the -A/--user-agent and -e/--referer options.

          This option can be used multiple times to add/replace/remove  multi-
          ple headers.

Example:

curl --header "X-MyHeader: 123" www.google.com

You can see the request that curl sent by adding the -v option.

Json – How to POST JSON data with cURL

You need to set your content-type to application/json. But -d (or --data) sends the Content-Type application/x-www-form-urlencoded, which is not accepted on Spring's side.

Looking at the curl man page, I think you can use -H (or --header):

-H "Content-Type: application/json"

Full example:

curl --header "Content-Type: application/json" \
  --request POST \
  --data '{"username":"xyz","password":"xyz"}' \
  http://localhost:3000/api/login

(-H is short for --header, -d for --data)

Note that -request POST is optional if you use -d, as the -d flag implies a POST request.

On Windows, things are slightly different. See the comment thread.

Best Answer

Related Solutions

How to send a header using a HTTP request through a cURL call

Example:

Json – How to POST JSON data with cURL

Related Topic