I am using Windows...
When I run the following curl command through gitbash it works fine:
curl --cacert ca.crt --key client.key --cert client.crt "https://myurl"
However, if I try to run the same command in command prompt or Powershell, I get this error:
curl: (58) schannel: Failed to import cert file client.crt, last error is 0x80092002
What do I need to do to get the command working in Command Prompt or Powershell?
CodePudding user response:
You are providing your client certificate in the wrong format. curl
requires the certificate in the PEM format (source):
-E/--cert <certificate[:password]> (SSL) Tells curl to use the specified certificate file when getting a file with HTTPS or FTPS. The certificate must be in PEM format. If the optional password isn't specified, it will be queried for on the terminal. Note that this option assumes a "certificate" file that is the private key and the private certificate concatenated! See --cert and --key to specify them independently. If curl is built against the NSS SSL library then this option can tell curl the nickname of the certificate to use within the NSS database defined by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be loaded. If you want to use a file from the current directory, please precede it with "./" prefix, in order to avoid confusion with a nickname. If this option is used several times, the last one will be used.
Your certificate might be in the DER format or contain a whole certificate chain instead of your single client certificate.
CodePudding user response:
Windows version of curl.exe is not configured to work with openssl but git's is.
So to make sure whenever I typed 'curl' into a command prompt, it was using git's version of curl I added the path to git's curl (C:\Program Files\Git\mingw64\bin) in system environment variables and moved it right to the top…so it find’s git’s curl before it finds window’s curl.
After then restarted the command prompt it resolved the issue.