Curl and client SSL certs

From: Stephen Haywood 
------------------------------------------------------
I am trying to access a web site with a client side cert using the Curl
command, curl --cert test.crt --key test.key https://someweb.site. Curl
returns this error message: curl: (58) unable to use client certificate (no
key found or wrong pass phrase?). I have verified that the cert and key go
together using openssl x509 -noout -modulus -in test.crt | openssl md5
and openssl
rsa -noout -modulus -in test.key | openssl md5, which both return the same
MD5 sum. I have also verified the key does not have a passphrase using openssl
rsa -in test.key -out test

=============================================================== From: James Nylen ------------------------------------------------------ I haven't done this before, but the man page of curl is somewhat confusing regarding --cert and --key together. Try this (it looks like it worked here http://stackoverflow.com/questions/7677994 ): cat test.crt test.key > test.pem curl --cert test.pem https://someweb.site Are the cert and key files PEM? If not, it looks like you'll need --cert-type and/or --key-type.

=============================================================== From: Stephen Haywood ------------------------------------------------------ James, Thanks for the help. Apparently, the key file was in PEM format but the certificate was not in PEM format. -- Stephen Haywood Information Security Consultant CISSP, GSEC, OSCP T: @averagesecguy W: averagesecurityguy.info