无法使用libcurl的访问要求客户端身份验证的网站 [英] Unable to use libcurl to access a site requiring client authentication
问题描述
我用下面的剪断,用于设置客户端身份验证证书和密钥。
I’m using the below snipped for setting the certificate and key for client authentication.
curl_easy_setopt(curl,CURLOPT_SSLCERT,"clientCert.pem");
curl_easy_setopt(curl,CURLOPT_SSLCERTPASSWD,"changeit");
curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");
curl_easy_setopt(curl,CURLOPT_SSLKEY,"privateKey.pem");
curl_easy_setopt(curl,CURLOPT_SSLKEYPASSWD,"changeit");
curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,"PEM");
该证书没有密码,我不知道为什么在地球上的选项SSLCERTPASSWD存在,我只是提供了一个虚拟的值。
当我在Linux上运行的程序,我得到的58错误code和错误消息
无法设置私钥文件:privateKey.pem类型PEM
The certificate doesn’t have a password, I don’t know why on earth the option SSLCERTPASSWD exists, I just provided a dummy value. When I run the program on Linux I get an error code of 58 and an error message unable to set private key file: 'privateKey.pem' type PEM
在Windows上,但是我得到
无法使用客户端证书(无钥匙上发现或错误口令?)
On Windows however I get unable to use client certificate (no key found or wrong pass phrase?)
这似乎暗示了证书和密钥不匹配,但我不知道怎么办。我已经提取这两个证书,并使用OpenSSL的命令的P12文件的关键。
我用来提取关键的命令是
It seems to suggest the certificate and the key don’t match but I don’t know how. I have extracted both the cert and the key from a p12 file using openssl commands. The command I used to extract the key is
openssl.exe pkcs12 -in client.p12 -nocerts -out privateKey.pem
和用于提取证书的指令是
and the command used to extract the cert is
openssl.exe pkcs12 -in client.p12 -nokeys -out clientCert.pem
该P12文件已成功应用在浏览器访问客户端身份验证URL。
之前我拍我请大家帮帮忙。
The p12 file has been successfully used in a browser to access the client authentication url. Please help before I shoot myself.
编辑:
这里是证明私有密钥和证书相互对应的
Here is proof that the private key and the certificate correspond to each other:
[debugbld@nagara ~/curlm]$ openssl x509 -noout -modulus -in clientCert.pem | openssl md5
d7207cf82b771251471672dd54c59927
[debugbld@nagara ~/curlm]$ openssl rsa -noout -modulus -in privateKey.pem | openssl md5
Enter pass phrase for privateKey.pem:
d7207cf82b771251471672dd54c59927
那么,为什么不能工作?
So why can’t it work?
推荐答案
使用命令行卷曲,我已经使用也与OpenSSL的从P12文件获得了.pem文件,该P12也得到了同样的错误能够正常工作在浏览器中导入时做客户端验证。就像你所说的,我想。
Using the command line curl, I've got the same error using a .pem file that was also obtained with openssl from a p12 file, The p12 was also able to working properly doing client authentication when imported in a browser. Just like you described, I think.
我的问题是因为.pem文件没有列出正确的顺序证书造成的:似乎在文件中的每个证书都必须遵循它的颁发者证书。 我编辑的文件,并改变了部分的顺序和卷曲很高兴
My problem was caused because the .pem file was not listing the certificates in the proper order: seems that each certificate in the file has to be followed by its issuer certificate. I edited the file and changed the order of the sections and curl was happy.
有关纪录,被从Firefox备份的证书得到我最初的.p12文件。
For the record, my original .p12 file was obtained by backing up a certificate from Firefox.
另外请注意,在我的情况,我没有得到提示输入密码,并获得
Also note that in my case, I was not getting prompted for the password and was getting the
curl: (58) unable to set private key file: 'alice.pem' type PEM
密码提示之前
这篇关于无法使用libcurl的访问要求客户端身份验证的网站的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!