[linux] Using client certificate in Curl command

Curl Command:

curl -k -vvvv \
  --request POST \
  --header "Content-Type: application/json" \
  --cert client.pem:password \
  --key key.pem \
  "https://test.com:8443/testing"

I am trying to send a client certificate using the Curl command specified above. I am trying to know the following:

  1. What is the HTTP request header that I should be looking at on the server side to pull out the client certificate from the HTTP request?

  2. If I cannot pull out the client certificate on the server side from the HTTP request, can I add a custom request header to the HTTP request and send the client certificate as the value of that custom header? It would be great if someone could provide me an example of this approach.


The answer is


TLS client certificates are not sent in HTTP headers. They are transmitted by the client as part of the TLS handshake, and the server will typically check the validity of the certificate during the handshake as well.

If the certificate is accepted, most web servers can be configured to add headers for transmitting the certificate or information contained on the certificate to the application. Environment variables are populated with certificate information in Apache and Nginx which can be used in other directives for setting headers.

As an example of this approach, the following Nginx config snippet will validate a client certificate, and then set the SSL_CLIENT_CERT header to pass the entire certificate to the application. This will only be set when the certificate was successfully validated, so the application can then parse the certificate and rely on the information it bears.

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /path/to/chainedcert.pem;  # server certificate
    ssl_certificate_key /path/to/key;          # server key

    ssl_client_certificate /path/to/ca.pem;    # client CA
    ssl_verify_client on;
    proxy_set_header SSL_CLIENT_CERT $ssl_client_cert;

    location / {
        proxy_pass http://localhost:3000;
    }
}
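
An added example, not part of the original answer: one way the application behind the proxy could recover the certificate bytes from that header and fingerprint them for an allowlist check. The function names and the sample bytes are assumptions made for illustration; it accepts the tab-folded PEM that `$ssl_client_cert` produces as well as the urlencoded PEM of Nginx's newer `$ssl_client_escaped_cert` variable.

```python
import base64
import hashlib
import re
from urllib.parse import quote, unquote

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def cert_der_from_header(value: str) -> bytes:
    """Recover the DER bytes from the certificate header set by the proxy."""
    if "%" in value:                 # urlencoded PEM ($ssl_client_escaped_cert)
        value = unquote(value)
    match = PEM_RE.search(value)
    if match is None:
        raise ValueError("header does not contain a PEM certificate")
    # $ssl_client_cert prefixes continuation lines with a tab, and an HTTP
    # parser may unfold them to spaces: strip all whitespace, then decode
    # strictly so stray characters are rejected instead of ignored.
    body = re.sub(r"\s+", "", match.group(1))
    return base64.b64decode(body, validate=True)


def sha256_fingerprint(value: str) -> str:
    """SHA-256 over the DER encoding, e.g. for an allowlist lookup."""
    return hashlib.sha256(cert_der_from_header(value)).hexdigest()


# Constructed sample: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = bytes(range(256)) * 3
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = "\n".join(
    ["-----BEGIN CERTIFICATE-----"]
    + [_b64[i:i + 64] for i in range(0, len(_b64), 64)]
    + ["-----END CERTIFICATE-----"])

FOLDED = SAMPLE_PEM.replace("\n", "\n\t")     # shape of $ssl_client_cert
UNFOLDED = SAMPLE_PEM.replace("\n", " ")      # after a parser unfolds it
ESCAPED = quote(SAMPLE_PEM + "\n", safe="")   # shape of $ssl_client_escaped_cert

if __name__ == "__main__":
    for name, header in [("folded", FOLDED), ("unfolded", UNFOLDED),
                         ("escaped", ESCAPED)]:
        print(name, sha256_fingerprint(header))
```

The header value is only as trustworthy as the path it arrived on, so the application should accept it only on connections that come from the proxy itself.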

This is how I did it:

curl -v \
  --key ./admin-key.pem \
  --cert ./admin.pem \
  https://xxxx/api/v1/
