bash 脚本中带有 PKCS#12 证书的 cURL
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/32253909/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
cURL with a PKCS#12 certificate in a bash script
提问by svenson
i have to connect to a webservice, where a pkcs12 certificate is a must. the idea was to use curl in a bash script (under OS X, to be specific).
我必须连接到一个网络服务,一个 pkcs12 证书是必须的。这个想法是在 bash 脚本中使用 curl (在 OS X 下,具体来说)。
i have learnt that one of the few things curl cannot do in communication, is handling pkcs12 certificates (.p12). what are my options?
我了解到 curl 在通信中无法做的少数事情之一是处理 pkcs12 证书 (.p12)。我有哪些选择?
i have read that converting the certificate to PEM format would work (using openssl), however i have no idea how to tell curl that it gets a PEM and should communicate with a webservice requesting PKCS12 certificates.
我已经读过将证书转换为 PEM 格式会起作用(使用 openssl),但是我不知道如何告诉 curl 它获得了 PEM 并且应该与请求 PKCS12 证书的网络服务进行通信。
converting pkcs12 to pem would be done like this (e.g.), it worked for me, however i haven't successfully used them with curl:
将 pkcs12 转换为 pem 会像这样完成(例如),它对我有用,但是我还没有成功地将它们与 curl 一起使用:
openssl pkcs12 -in mycert.p12 -out file.key.pem -nocerts -nodes
openssl pkcs12 -in mycert.p12 -out file.crt.pem -clcerts -nokeys
any hints? or, any alternatives to curl? the solution should be commandline based.
任何提示?或者,任何卷曲的替代品?解决方案应该是基于命令行的。
回答by Smalltree1989
I think you have allready resolved but i had a the same problem. I answer for share my solution.
我想你已经解决了,但我遇到了同样的问题。我回答分享我的解决方案。
If you have a .p12 file your approach is right. First of all you have to get the cert and the key separated from the p12 file. As an example, if you have a mycert.p12 file execute
如果您有一个 .p12 文件,您的方法是正确的。首先,您必须从 p12 文件中获取证书和密钥。例如,如果您有一个 mycert.p12 文件,请执行
openssl pkcs12 -in mycert.p12 -out file.key.pem -nocerts -nodes
openssl pkcs12 -in mycert.p12 -out file.crt.pem -clcerts -nokeys
Then you have to make the call to your url. For instance assume that you want to get the wsdl of a specific webservice
然后你必须调用你的网址。例如假设您想获取特定网络服务的 wsdl
curl -E ./file.crt.pem --key ./file.key.pem https://myservice.com/service?wsdl
If the files file.crt.pem and file.key.pem are in your working folder "./" is mandatory.
如果文件 file.crt.pem 和 file.key.pem 在您的工作文件夹中,则“./”是必需的。
回答by bioffe
Check if you have newer curl. Newer versions can handle PKCS12 outright.
检查您是否有更新的 curl。较新的版本可以完全处理 PKCS12。
curl --cert-type P12 --cert cert.p12:password https://yoursite.com
