I have a personal P12 certificate generated by a certificate authority.
I want to use it with CURL to access a protected URL. If CURL on CENTOS was compiled with openssl, I should only convert it to PEM format and provide that file to CURL (tested on UBUNTU and working).
The problem is that my curl is compiled with NSS. So, after googling a while, I found that I need to generate a NSS database and importing the cert into this database. After that I should be able to call curl passing an alias to it, and access my URL.
( as explained here: curl command - Unable to load client cert -8018 )
But I cant find a way to provide an ALIAS to my key. So curl wont find my imported key.
Calling curl gives me:
* Initializing NSS with certpath: sql:/var/nss
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_RSA_WITH_RC4_128_MD5
* Server certificate:
After a little research, I end up with 2 options: - try to import (or regenerate) this database (or p12) with an nickname (cant find how to do it) - or try to replace my curl and php_curl (I´ll need that later on) with one compiled with openssl (cant find a proper repository with both packages)
Any ideas??
Add an existing p12 certificate to the NSS DB using the pk12util command. Replace MYCERT.12 with your cert name and set the password. You will be prompted for a nickname/alias
[root@localhost/]# pk12util -d /app/nssdb/ -i MYCERT.p12 -W PASSWORD
Enter Password or Pin for "NSS FIPS 140-2 Certificate DB':
pk12util: no nickname for cert in PKS12 file
pk12util: using nickname: MYCERT
pk12util: PKCS12 IMPORT Successful