ssl - Use self signed certificate with cURL?

Question

I have a flask application running using a self signed certificate. I'm able to send in a curl request using:

curl -v -k -H "Content-Type: application/json" -d '{"data":"value1","key":"value2"}' https://<server_ip>:<port>

The verbose logs show that everything went alright.

I wanted to avoid using the -k (--insecure) option and instead specify a .pem file that curl could use. Looking at the curl man page I found that you could do this using the --cert option. So I created a .pem file using this:

openssl rsa -in server.key -text > private.pem

CURL throws me this error when using the private.pem file:

curl: (58) unable to use client certificate (no key found or wrong pass phrase?)

Any suggestions? - or is this only possible with a properly signed certificate?

Tnx

Answer 1

This is just another version of this question: Using openssl to get the certificate from a server

Or put more bluntly:

Using curl --cert is wrong, it is for client certificates.

First, get the the certs your server is using:

$ echo quit | openssl s_client -showcerts -servername server -connect server:443 > cacert.pem

(-servername is necessary for SNI so that you get the right virtual server's certificate back)

Then make your curl command line use that set to verify the server in subsequent operations:

$ curl --cacert cacert.pem https://server/ [and the rest]