I am testing a web service protected with mTLS. I have issued both client and server certificates (for testing purposes) and added the server certificate to the trust store. The following command works on Ubuntu but not on CentOS 7:
curl --cert MY_CLIENT_CERTIFICATE.pem https://MY_URL
On CentOS 7 (cURL v. 7.29), it returns:
cURL error 35: sl error: you are attempting to import a cert with the same issuer/serial as an existing cert
Do I understand it correctly that cURL does not allow me to issue both client and server certificates using the same issuer? Is there a workaround?
CodePudding user response:
... cURL does not allow me to issue both client and server certificates using the same issuer
It is not about the same issuer but about the same issuer and serial number:
... you are attempting to import a cert with the same issuer/serial as an existing cert
If the same serial number is used for different certificates issued by the same CA then the certificate issuing process is broken: different certificates issued by the same CA MUST have different serial numbers. You need to fix this process and not try to work around it.
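The check the error message describes (two different certificates that share an issuer and serial number) can be run over the certificates a test CA has issued. The following is an added example, not part of the answer above; the file names and the unsigned certificate skeletons are constructed for illustration, and the parser only reads as far as the issuer field.

```python
import hashlib
from collections import defaultdict

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_serial(der):
    """Return (issuer Name as DER bytes, serial as int) of an X.509 certificate."""
    _, p, _ = read_tlv(der, 0)        # Certificate SEQUENCE
    _, p, _ = read_tlv(der, p)        # TBSCertificate SEQUENCE
    tag, s, e = read_tlv(der, p)
    if tag == 0xA0:                   # optional [0] version precedes the serial
        tag, s, e = read_tlv(der, e)
    serial = int.from_bytes(der[s:e], "big", signed=True)
    _, _, e = read_tlv(der, e)        # skip signature AlgorithmIdentifier
    _, _, end = read_tlv(der, e)      # issuer Name
    return der[e:end], serial

def find_collisions(certs):
    """certs: {label: DER}. List groups of different certs sharing issuer+serial."""
    groups = defaultdict(dict)
    for label, der in certs.items():  # identical bytes under two labels count once
        groups[issuer_and_serial(der)][hashlib.sha256(der).hexdigest()] = label
    return [sorted(g.values()) for g in groups.values() if len(g) > 1]

def tlv(tag, body):
    """DER-encode one element (constructed samples only: length < 128)."""
    return bytes([tag, len(body)]) + body

def fake_cert(issuer_cn, serial, subject_cn):
    """Constructed, unsigned certificate skeleton; not a valid certificate."""
    def name(cn):  # Name with a single commonName (OID 2.5.4.3) UTF8String
        return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial])) + tlv(0x30, b"")
           + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn))
    return tlv(0x30, tlv(0x30, tbs))

SAMPLES = {  # constructed inputs; file names are hypothetical
    "server.pem": fake_cert(b"Test CA", 1, b"server"),
    "client.pem": fake_cert(b"Test CA", 1, b"client"),  # reuses serial 1
    "other.pem": fake_cert(b"Test CA", 2, b"other"),
}
if __name__ == "__main__":
    print(find_collisions(SAMPLES))
```

For real PEM files, convert each one with the standard library's `ssl.PEM_cert_to_DER_cert` before passing it in.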
CodePudding user response:
Updating curl fixed the problem.