The --cert option asks for a client "certificate", not for a server certificate.
That's not your parameter. :-)

You need to use the --cacert parameter, and well, AFAIR, you
cannot in general use a server with a self-signed cert in this case:
Create your own CA (this is just as simple as a self-signed server cert),
and then create a server cert signed by this CA, and use
--cacert together with the self-signed certificate of the CA.

I put "certificate" in quotes because of the common misuse
of the language. For a client cert, it contains what in French is
called "bi-clef", i.e. both a (maybe certified) public key, and
a private key. Or, in other words, for the CA in question,
only give the self-signed .crt file (PEM or DER), not the private
key of the CA to the curl user.



Olaf Gellert wrote:

Philippe de Rochambeau wrote:
Hello,

I have just generated a self-signed certificate as follows:

openssl x509 -req -days 365 -in my.domain.csr -signkey my.domain.key -out my.domain.cert

What format is my.domain.cert now in?

OpenSSL uses PEM format as default. There are options
to generate other output formats (-outform) but this
is not necessary for curl.

I am asking this because I am trying to use this certificate with curl
as in

curl --cert my.domain.cert https://my.secure.server

But when I do that, I get the following message:

curl: (35) unable to set private key file

Any help with this matter would be much appreciated.

I guess you have to tell curl where to find the
secret key (the certificate file only contains your
public key). There is a curl option called "--key",
so something like:

curl --cert my.domain.cert --key your.key.file https://my.secure.server

will probably work.

I have some doubts here. How would you configure any reasonable
ssl web server to accept such a CLIENT cert?

Cheers, Olaf



--
To verify the signature, see http://edelpki.edelweb.fr/ This lets you download the authority's certificate; you will also find the list of revoked certificates there.

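The procedure described in the reply at the top of this thread (create your own CA, sign the server certificate with it, give clients only the CA certificate for --cacert), as an added example that is not part of the original messages. The file names, the CA name "Example Test CA" and the 2048-bit RSA keys are assumptions; my.secure.server is the placeholder host name used in the thread.

```shell
#!/bin/sh
# Added example: private CA, CA-signed server certificate, and the chain check
# a client performs when given only ca.crt. All names are placeholders.
set -eu

# Create a CA and a server certificate for host $2 in directory $1.
make_pki() {
    dir=$1 host=$2
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # 1. CA key plus self-signed CA certificate; ca.key never leaves the CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$dir/ca.cnf" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # 2. Server key and signing request.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -subj "/CN=$host" -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    # 3. CA signs the request; subjectAltName carries the host name clients check.
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" > "$dir/server.ext"
    openssl x509 -req -days 365 -in "$dir/server.csr" -extfile "$dir/server.ext" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null
}

# Succeeds only if certificate $2 chains to trust anchor $1 and names host $3.
chains_to() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_pki "$work" my.secure.server
if chains_to "$work/ca.crt" "$work/server.crt" my.secure.server; then
    echo "server.crt verifies against ca.crt"
fi
# The server is configured with server.crt and server.key; clients get ca.crt only:
#   curl --cacert ca.crt https://my.secure.server
```

A client holding a different CA certificate, or connecting under a host name that is not in the certificate, fails the same check.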