Java CURL 传递 SSL 证书和密码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/19014541/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
CURL to pass SSL certifcate and password
提问by Adam
I need to specify a certificate with CURL i tried with --cert option it is not working.
我需要使用 CURL 指定一个证书,我尝试使用 --cert 选项它不起作用。
Could you please let me know to specify the keystore and passpharse while invoking with curl?
您能否让我知道在使用 curl 调用时指定密钥库和密码?
回答by Welsh
Should be:
应该:
curl --cert certificate_file.pem:password https://www.example.com/some_protected_page
回答by vionixt
Addition to previous answer make sure that your curl installation supports https.
You can use curl --versionto get information about supported protocols.
If your curl supports https follow the previous answer.
除了先前的答案,请确保您的 curl 安装支持 https。
您可以使用curl --version获取有关支持的协议的信息。
如果您的 curl 支持 https,请遵循上一个答案。
curl --cert certificate_path:password https://www.example.com
curl --cert certificate_path:password https://www.example.com
If it does not support https, you need to install a cURL version that supports https.
如果不支持https,则需要安装支持https的cURL版本。
回答by Carl Zmola
I went through this when trying to get a clientcert and private key out of a keystore.
我在尝试从密钥库中获取客户端证书和私钥时经历了这个过程。
The link above posted by welsh was great, but there was an extra step on my redhat distribution. If curl is built with NSS ( run curl --versionto see if you see NSS listed) then you need to import the keys into an NSS keystore. I went through a bunch of convoluted steps, so this may not be the cleanest way, but it got things working
上面由 welsh 发布的链接很棒,但在我的 redhat 发行版上还有一个额外的步骤。如果 curl 是使用 NSS 构建的(运行curl --version以查看是否列出了 NSS),那么您需要将密钥导入 NSS 密钥库。我经历了一堆错综复杂的步骤,所以这可能不是最干净的方法,但它使事情正常进行
So export the keys into .p12
所以将密钥导出到 .p12
keytool -importkeystore -srckeystore $jksfile -destkeystore $p12file \ -srcstoretype JKS -deststoretype PKCS12 \ -srcstorepass $jkspassword -deststorepass $p12password -srcalias $myalias -destalias $myalias \ -srckeypass $keypass -destkeypass $keypass -noprompt
keytool -importkeystore -srckeystore $jksfile -destkeystore $p12file \ -srcstoretype JKS -deststoretype PKCS12 \ -srcstorepass $jkspassword -deststorepass $p12password -srcalias $myalias -destalias $myalias \ -srckeypass $keypass -destkeypass $keypass -noprompt
And generate the pem file that holds only the key
并生成只保存密钥的pem文件
echo making ${fileroot}.key.pem openssl pkcs12 -in $p12 -out ${fileroot}.key.pem \ -passin pass:$p12password \ -passout pass:$p12password -nocerts
echo making ${fileroot}.key.pem openssl pkcs12 -in $p12 -out ${fileroot}.key.pem \ -passin pass:$p12password \ -passout pass:$p12password -nocerts
- Make an empty keystore:
- 创建一个空的密钥库:
mkdir ~/nss chmod 700 ~/nss certutil -N -d ~/nss
mkdir ~/nss chmod 700 ~/nss certutil -N -d ~/nss
- Import the keys into the keystore
- 将密钥导入密钥库
pks12util -i <mykeys>.p12 -d ~/nss -W <password for cert >
pks12util -i <mykeys>.p12 -d ~/nss -W <password for cert >
Now curl should work.
现在 curl 应该可以工作了。
curl --insecure --cert <client cert alias>:<password for cert> \ --key ${fileroot}.key.pem <URL>
curl --insecure --cert <client cert alias>:<password for cert> \ --key ${fileroot}.key.pem <URL>
As I mentioned, there may be other ways to do this, but at least this was repeatable for me. If curl is compiled with NSS support, I was not able to get it to pull the client cert from a file.
正如我所提到的,可能还有其他方法可以做到这一点,但至少这对我来说是可以重复的。如果 curl 是使用 NSS 支持编译的,我无法让它从文件中提取客户端证书。
