Archive

Posts Tagged ‘curl’

cURL to access Https server

May 19, 2016 Leave a comment

Problem:
You need to access a https server using curl.

Solution:
Use –cert and –key options in curl. As per the man.


-E, –cert
(SSL) Tells curl to use the specified client certificate file when getting a file
with HTTPS, FTPS or another SSL-based protocol. The certificate must be in
PKCS#12 format if using Secure Transport, or PEM format if using any other
engine. If the optional password isn’t specified, it will be queried for on the
terminal. Note that this option assumes a “certificate” file that is the private
key and the private certificate concatenated! See –cert and –key to specify
them independently.
…skipping…
–key
(SSL/SSH) Private key file name. Allows you to provide your private key in this
separate file.

If this option is used several times, the last one will be used.
-k, –insecure
(SSL) This option explicitly allows curl to perform “insecure” SSL connections
and transfers. All SSL connections are attempted to be made secure by using the
CA certificate bundle installed by default. This makes all connections considered
“insecure” fail unless -k, –insecure is used.

See this online resource for further details:
http://curl.haxx.se/docs/sslcerts.html

Examples:

# This attempt fails.
$ curl https://server.example.com
<html>
<head><title>400 No required SSL certificate was sent</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>No required SSL certificate was sent</center>
<hr><center>nginx/1.4.6 (Ubuntu)</center>
</body>
</html>
# This attempt to bypass fails.
$ curl --insecure https://server.example.com
<html>
<head><title>400 No required SSL certificate was sent</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>No required SSL certificate was sent</center>
<hr><center>nginx/1.4.6 (Ubuntu)</center>
</body>
</html>
# This works.
$ curl --cert /path/to/certifcate/client.crt --key /path/to/key/client.key https://server.example.com
<html>
  <head>
    <title>Server Example</title>
  </head>


<frameset rows="60,*" frameborder="1" border="1">
  <frame src="/browser/header/" name="Header" id='header' scrolling="no" noresize="true" />

    <frame src="/composer/?" name="content" id="composerFrame"/>

  </frameset>
</html>
Advertisements
Categories: bash Tags: , ,