curl：（58）无法加载客户端密钥-8178 [英] curl: (58) Unable to load client key -8178

问题描述

我遇到了一个SSL问题与 curl 命令。我想使用我的SSL用户端凭证和私人密钥连到网址。

这是我的命令：

  $ curl -k -vhttps://myurl.com/--cert ./certificate.pem --key ./private.key 
 
 *关于连接（）到xx.xx.xx.xx端口23444（＃0）
 *尝试xx.xx.xx.xx ...连接
 *连接到xx.xx.xx.xx （xx.xx.xx.xx）port 23444（＃0）
 *使用certpath：sql初始化NSS：/ etc / pki / nssdb 
 *警告：忽略ssl.verifyhost的值
 *无法加载客户端密钥-8178。 
 * NSS错误-8178 
 *关闭连接＃0 
 curl：（58）无法加载客户端密钥-8178。 
  

密钥受密码保护， curl 不要求我输入密码，这是很奇怪的。即使我通过密码 - pass ，我仍然得到相同的错误。

不考虑参数 - key ，因为如果我替换为 foo.key 文件系统，我仍然得到相同的错误。

但是，如果使用：

  $ wget --certificate =。/ certificate.pem --private-key = private.keyhttps://myurl.com/--no-check-certificate 
  
 
 
 
我可以找到我的网址。
 
 
 
 p> 
 
解决方案
我经历了同样的情况，我发现解决方案终于，也许会帮助你。
 
 
 
失败的原因是PKCS＃8私钥格式：
 
 
 
 
 
 
 8私人密钥
 
  ----- BEGIN加密私人密钥----- 标题
 
或
 
  ----- BEGIN PRIVATE KEY ----- 标题
 
 
 
使用此键 curl  +  openssl 可以工作，但不能使用 curl  +  nss  +  libnsspem.so  
 
 
 
 
键
 
  ----- BEGIN RSA私人密钥----- 标题
 
 
 
 both  curl  +  openssl 和 curl  +  nss  +  libnsspem.so 将工作。 
 
 
 
 
 
 
所以使用这个命令
 code> openssl rsa -in key.pem -out newkey.pem 
  
删除通票RSA私钥上的短语。
 
I am facing an SSL issue with the curlcommand. I want to reach an URL using my SSL client certificate and private key.

This is my command:
$ curl -k -v "https://myurl.com/" --cert ./certificate.pem --key ./private.key

* About to connect() to xx.xx.xx.xx port 23444 (#0)
*   Trying xx.xx.xx.xx... connected
* Connected to xx.xx.xx.xx (xx.xx.xx.xx) port 23444 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* Unable to load client key -8178.
* NSS error -8178
* Closing connection #0
curl: (58) Unable to load client key -8178.
The key is password protected, curl is not asking me to enter the password, which is very strange. Even if I pass the password with --pass, I still get the same error.

It seems that the argument --key is not considered, because If I replaced with foo.key, which doesn't exist on my filesystem, I still get the same error.

However, If use:
$ wget --certificate=./certificate.pem --private-key=private.key "https://myurl.com/" --no-check-certificate
I am able to reach my URL.

Do you have any idea?
解决方案
I have gone through the same situation, and I found solution finally, maybe it will help you.

The failure was due to the PKCS#8 private key format:   


With a PKCS#8 private key

   -----BEGIN ENCRYPTED PRIVATE KEY----- header

or

   -----BEGIN PRIVATE KEY----- header  

With this Key curl + openssl will works, but not  curl + nss + libnsspem.so
With a RSA private key

   -----BEGIN RSA PRIVATE KEY----- header  

both curl + openssl and curl + nss + libnsspem.so will work. 


So use this command 
openssl rsa -in key.pem -out newkey.pem
to remove the pass phrase on an RSA private key.

                        
这篇关于curl：（58）无法加载客户端密钥-8178的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！