问题描述
我正在尝试对需要客户端证书的第三方API进行测试调用。我使用此命令与openssl生成了一个新的证书:
req -new -newkey rsa:2048 -nodes -out mycsr.csr -keyout mykey.key
然后我发送了他们的csr,他们发回我mycert.crt。我将证书和密钥连在一起:
cat mycert.crt mykey.key> mycertandkey.pem
最后,我将mycert.crt添加到ca证书文件夹和ca证书。 conf&ranupdate-ca-certificates --fresh。
现在,我试图使用以下命令从bash进行curl调用:
curl -X GET --cert mycertandkey.pem -H'Accept-Encoding:gzip,deflate'-H'Content-Type:application / json'https://api.URL.com
我也试过:
curl -X GET --cert mycertandkey.pem --cacert mycert.crt -H'Accept-Encoding:gzip,deflate'-H' Content-Type:application / json'https://api.URL.com
p>
curl -X GET --cert mycertandkey.pem --cacert mycert.crt --key mykey.key -H'Accept-Encoding :gzip,deflate'-H'Content-Type:application / json'https://api.URL.com
$ b b
和我可以想到的每一个其他组合。我总是得到错误 curl:(58)无法使用客户端证书(没有找到密钥或错误的密码短语?)。密钥没有密码。所有的证书/密钥文件都有777权限。
过去我没有使用证书,我觉得我错过了一些东西,特别是因为我似乎只有一个证书。是另一家公司给我的证书cacert还是我的客户端证书?我是否将私钥连接到错误的证书?
我在网上找到了很多零碎的信息,但如果有人知道这个主题的一个很好的教程,我真的很感谢。 / p>
向我的私钥添加密码解决了我的问题。
我使用以下命令添加密码:
ssh-keygen -p -f mykey.key
在成功运行该命令之前,我需要更改密钥文件的权限。 777不够限制,ssh-keygen不会碰它。将权限更改为600.
chmod 600 mykey.key
pre>
添加密码后,我重新创建了.pem文件。现在我可以使用此命令成功地使用curl调用:
curl -X GET --cert mycertandkey.pem:mypassphrase - H'Accept-Encoding:gzip,deflate'-H'Content-Type:application / json'https://api.URL.com
I'm attempting to make test calls to a third-party API that requires a client cert. I generated a new cert using this command with openssl:
req -new -newkey rsa:2048 -nodes -out mycsr.csr -keyout mykey.key
I then sent them the csr, and they sent me back mycert.crt. I concatenated the cert and the key together:
cat mycert.crt mykey.key > mycertandkey.pem
Finally, I added mycert.crt to the ca-certificates folder and ca-certificates.conf and ran "update-ca-certificates --fresh".
Now, I'm trying to make curl call from bash using the following command:
curl -X GET --cert mycertandkey.pem -H 'Accept-Encoding: gzip,deflate' -H 'Content-Type: application/json' https://api.URL.com
I've also tried:
curl -X GET --cert mycertandkey.pem --cacert mycert.crt -H 'Accept-Encoding: gzip,deflate' -H 'Content-Type: application/json' https://api.URL.com
and:
curl -X GET --cert mycertandkey.pem --cacert mycert.crt --key mykey.key -H 'Accept-Encoding: gzip,deflate' -H 'Content-Type: application/json' https://api.URL.com
And every other combination I can think of. I always get the error "curl: (58) unable to use client certificate (no key found or wrong pass phrase?)". The key doesn't have a passphrase. All of the cert/key files have 777 permissions.
I haven't worked much with certs in the past and I feel like I've missed something, especially since I seem to have only one cert. Is the cert that the other company sent me a cacert or is it my client cert? Did I concatenate the private key to the wrong cert?
I've found a lot of piecemeal information about this online, but if anyone knows of a good tutorial on this subject, I'd really appreciate that as well.
解决方案Adding a pass phrase to my private key solved my problem.
I used the following command to add the passphrase:
ssh-keygen -p -f mykey.key
Before I could run that command successfully, I needed to change the permissions on the key file. 777 is not restrictive enough, and ssh-keygen would not touch it. Changing the permissions to 600 fixed that.
chmod 600 mykey.key
After adding the passphrase, I recreated the .pem file. Now I can successfully make curl calls with it using this command:
curl -X GET --cert mycertandkey.pem:mypassphrase -H 'Accept-Encoding: gzip,deflate' -H 'Content-Type: application/json' https://api.URL.com
这篇关于获取(58)无法使用客户端证书(没有找到密钥或错误的密码短语?)从curl的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!