0

It is possible to perform a curl request to a website under https if all I have is a pfx? When I run:

curl -k -v --insecure --cert client.pem:1234 --key privkey.pem "https://testurl/service/RESTService/GetCustomers"

I get the error:

failed to import cert file 0x80092002.

There is something wrong with the exported pem and maybe it is causes by the pfx which is not possible to export.

EDIT: KeyStore Explorer

EDIT 2: enter image description here

jos3m
  • 117
  • 1
  • 11
  • 1
    What is contained in the pfx files? A certificate (chain) of the server or a private key plus certificate for HTTPS client authentication? – Robert Mar 02 '23 at 21:38
  • How can I check it? I own the pfx file and if I install it I am able to access to the url and log in correctly, so must be complete, the problem is when I split it to execute curl. – jos3m Mar 03 '23 at 07:05
  • 1
    You ask the person you got the pfy file from or you look into the pfx file e.g. using a tool like https://keystore-explorer.org and see if it contains just a certificate chain or also a private key. – Robert Mar 03 '23 at 08:04
  • I installed KeyStore Explorer as you told me but I don't know how to identify if it includes both the certificate chain and the private key, I will edit to add a screenshot. – jos3m Mar 03 '23 at 08:51
  • 1
    The screen shot only shows the certificate extensions. In the main view select the first column and look at the tooltip. – Robert Mar 03 '23 at 10:05
  • I don't understand you fully, sorry, maybe my keystore version is different, but this is what you meant? – jos3m Mar 03 '23 at 11:18
  • 1
    The keystore seems to contain a key pair thus it is designed to be used for https client authentication. Inside KeystoreExplorer you can open context menu of the entry -> Export -> Export Key pair -> PEM. These files should be usable by curl. – Robert Mar 03 '23 at 11:22
  • Not working when I run curl "https://www.myurl.com" --cert keypair.pem:1111, at least and thank to you, I can be sure that the certificate is correct, so it must be a curl problem apparently. – jos3m Mar 03 '23 at 11:39

1 Answers1

0

I was not able to make it work so I found an example here in the communuty with C# which also suits me because I intended to create a bat with curl and I will replace it with a exe. Thanks for your help Robert. Post link: Force HttpWebRequest to send client certificate

jos3m
  • 117
  • 1
  • 11