curl命令 - 无法加载客户端证书-8018 [英] curl command - Unable to load client cert -8018

问题描述

我尝试使用curl命令通过代理连接到安全的网络服务，但我收到以下错误：

I'm trying to connect to a secure webservice throught a proxy using the curl command, but I get the follow error:

完成日志：

[e-ballo@myserver]#   curl  -v -x proxy01.net:8080 https://endPointURL.com/SOAP --key ./cert.crt --cert ./cert.crt -capath=/etc/pki/tls/certs
* About to connect() to proxy proxy01.net port 8080 (#0)
*   Trying 10.0.3.64... connected
* Connected to proxy01.net (10.0.3.64) port 8080 (#0)
* Establish HTTP proxy tunnel to endPointURL.com:443
> CONNECT endPointURL.com:443 HTTP/1.1
> Host: endPointURL.com:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.3.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/home/e-ballo/
* Unable to initialize NSS database
* Initializing NSS with certpath: none
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Unable to load client cert -8018.
* NSS error -8018
* Closing connection #0
curl: (58) Unable to load client cert -8018.

任何想法这个错误是什么意思？

Any idea what this error means ? and how can I fix it ?

提前感谢，

推荐答案

我已经解决了这个问题，所以我会post解决方案。也许可以帮助某人。

I already fixed this problem, so I will post the solution. Maybe can help to somebody.

我的curl版本是用Netscape安全系统（NSS）库而不是openSSL库编译的。使用这两个库编译的curl版本使用不同的证书访问方法。我调用一个平面文件，这是openSSL方法。
另一个解决方案是获取NSS安装（在大多数Red Hat衍生产品上已经存在）并创建一个cert9.db文件，导入您的证书和密钥（在转换为带有openssl的P12之后，不要忘记添加freindlyName或昵称）到该数据库中使用pk12util。然后你通过它的昵称调用证书，并给出db的密码。

My version of curl was compiled with the Netscape Security System (NSS) libraries instead of the openSSL libraries. Versions of curl compiled with these two libraries use different certificate access methods. I was calling a flat file, which is the openSSL method. Another solution will be get NSS installed, (already there on most Red Hat derivatives) and create a cert9.db file, import your certificate and key (after converting to a P12 with openssl -don't forget to add a "freindlyName" or nickname) into that db using pk12util. Then you call the cert by it's nickname and give the password for the db.

另一个选项是使用openssl库获取或编译curl的版本。 RedHat 5，ubuntu或windows版本的curl经常已经这样编译。 Red Hat 6带有为NSS编译的curl。

The other option is get or compile a version of curl using the openssl libraries. RedHat 5, ubuntu or windows versions of curl are frequently already compiled that way. Red Hat 6 comes with curl compiled for NSS.

这篇关于curl命令 - 无法加载客户端证书-8018的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！