You can use curl's --insecure option to skip the SSL certificate checks.
curl --insecure -u user:passwd -X GET -H 'Content-Type: application/json' "https://somesecureserver.com/rest/field"
But what if you WANT to use SSL? The curl docs mention the --cacert option, but it's still a little unclear how to do this.
First you'll need to get the entire certificate path for the HTTPS server. You need the entire path because curl does not come with any CA cert info. The --cacert option also requires the certs in PEM format. Lastly, the entire certificate chain should be in one file, since the --cacert option accepts only one file.
1. Get all the certs from a browser
Click on the lock or green portion of the address bar
Click on the Connection tab and then "Certificate Information"
Click on the Details tab. Here you can copy the certificate to a file.
Select the DER encoded binary X.509 (.cer) option
Do this for all the entries that show up in the Certificate Path tab (there will be around 3)
2. Convert the .cer files to PEM format with openssl:
openssl x509 -inform DER -in file1.cer -out file1.pem -text
openssl x509 -inform DER -in file2.cer -out file2.pem -text
openssl x509 -inform DER -in file3.cer -out file3.pem -text
3. Now append all these PEM files into one repo:
cat *.pem > certRepo
Now you can use the certRepo to connect via SSL:
curl --cacert certRepo -u user:passwd -X GET -H 'Content-Type: application/json' "https://somesecureserver.com/rest/field"
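Steps 2 and 3 as one script, added here as an example (it is not the original author's code): it converts each exported file to PEM, refuses to write a bundle if any input is not a certificate, and lists the subjects the bundle will trust so they can be compared with the browser's Certificate Path tab. The function names are hypothetical, and the self-signed certificates produced by `make_sample_der` are constructed stand-ins for real browser exports.

```shell
# Convert one exported certificate to PEM on stdout; accepts DER or PEM input.
to_pem() {
    openssl x509 -inform DER -in "$1" 2>/dev/null ||
    openssl x509 -inform PEM -in "$1" 2>/dev/null
}

# build_bundle OUT FILE...: concatenate all certificates into one PEM file.
# If any input is not a certificate, fail and leave no partial bundle behind.
build_bundle() {
    out=$1; shift
    tmp="$out.tmp.$$"
    : > "$tmp"
    for f in "$@"; do
        if ! to_pem "$f" >> "$tmp"; then
            echo "not a DER or PEM certificate: $f" >&2
            rm -f "$tmp"
            return 1
        fi
    done
    mv "$tmp" "$out"
}

# Number of certificates in the bundle; compare with the Certificate Path tab.
bundle_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# List subject and issuer of every certificate the bundle will trust.
bundle_summary() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Constructed sample input: a throwaway self-signed certificate saved as DER,
# standing in for a browser export (the CN values are made up).
make_sample_der() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2" -outform DER 2>/dev/null
}

# Demo: two constructed exports -> one bundle; prints the certificate count.
demo() {
    work=$(mktemp -d) || return 1
    make_sample_der "Constructed Root" "$work/file1.cer" &&
    make_sample_der "Constructed Intermediate" "$work/file2.cer" &&
    build_bundle "$work/certRepo" "$work/file1.cer" "$work/file2.cer" &&
    bundle_count "$work/certRepo"
    rc=$?; rm -rf "$work"; return $rc
}
demo
```

With real exports, run `build_bundle certRepo file1.cer file2.cer file3.cer` and review `bundle_summary certRepo` before passing the file to `curl --cacert`.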
Hi..
Need to know the purpose of passing the userName and password? Certificate shouldn't be enough? And what if I am writing a Java client to hit a https url, do I need to pass the username and password in the GET request header? Please do suggest
Thanks - helped
Wow, that was helpful. Thanks a lot! Is there a resource somewhere that explains the theoretical background of all these steps?
a BIG THANKS. you are AWESOME !!
Thanks for very helpful info.
There is a typo, it needs ":" between "https" and "/somesecureserver.com/..."
Other than that, thank you for this article!
I LOVE YOU MAN, THANK YOU VERY MUCH.
I have two questions: first, this path to the https server, are you combining the certificate chain of the server that you are hitting or is it the server from which the connection is made?
The reason I ask this is the following: If it is the certificate of the server I am hitting e.g. google.com, what will the password in user:passwd be?