bash 脚本中带有 PKCS#12 证书的 cURL [英] cURL with a PKCS#12 certificate in a bash script

问题描述

我必须连接到一个网络服务，一个 pkcs12 证书是必须的.这个想法是在 bash 脚本中使用 curl(在 OS X 下，具体来说).

i have to connect to a webservice, where a pkcs12 certificate is a must. the idea was to use curl in a bash script (under OS X, to be specific).

我了解到 curl 在通信中不能做的少数事情之一是处理 pkcs12 证书 (.p12).我有哪些选择?

i have learnt that one of the few things curl cannot do in communication, is handling pkcs12 certificates (.p12). what are my options?

我已经读过将证书转换为 PEM 格式会起作用(使用 openssl)，但是我不知道如何告诉 curl 它获得了 PEM 并且应该与请求 PKCS12 证书的网络服务进行通信.

i have read that converting the certificate to PEM format would work (using openssl), however i have no idea how to tell curl that it gets a PEM and should communicate with a webservice requesting PKCS12 certificates.

将 pkcs12 转换为 pem 会像这样完成(例如)，它对我有用，但是我还没有成功地将它们与 curl 一起使用:

converting pkcs12 to pem would be done like this (e.g.), it worked for me, however i haven't successfully used them with curl:

openssl pkcs12 -in mycert.p12 -out file.key.pem -nocerts -nodes
openssl pkcs12 -in mycert.p12 -out file.crt.pem -clcerts -nokeys

有什么提示吗?或者，任何卷曲的替代品?解决方案应该基于命令行.

any hints? or, any alternatives to curl? the solution should be commandline based.

推荐答案

我想你已经解决了，但我遇到了同样的问题.我回答分享我的解决方案.

I think you have allready resolved but i had a the same problem. I answer for share my solution.

如果您有一个 .p12 文件，那么您的方法是正确的.首先，您必须从 p12 文件中获取证书和密钥.例如，如果您有一个 mycert.p12 文件，请执行

If you have a .p12 file your approach is right. First of all you have to get the cert and the key separated from the p12 file. As an example, if you have a mycert.p12 file execute

openssl pkcs12 -in mycert.p12 -out file.key.pem -nocerts -nodes
openssl pkcs12 -in mycert.p12 -out file.crt.pem -clcerts -nokeys

然后您必须调用您的网址.例如假设您想获取特定网络服务的 wsdl

Then you have to make the call to your url. For instance assume that you want to get the wsdl of a specific webservice

curl -E ./file.crt.pem --key ./file.key.pem https://myservice.com/service?wsdl

如果文件 file.crt.pem 和 file.key.pem 在您的工作文件夹中，./"是必需的.

If the files file.crt.pem and file.key.pem are in your working folder "./" is mandatory.

这篇关于bash 脚本中带有 PKCS#12 证书的 cURL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！