ホーム エクスプローラ ヘルプ
サインイン
OWEALs
/
curl
同期ミラー https://github.com/curl/curl.git
2
0
フォーク 0
ファイル 課題 8 Wiki
ツリー: 6fa1d817e5
ブランチ タグ
curl
/
docs
/
cmdline-opts
/
cert.d

cert.d 2.4 KB
履歴 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 
  1. c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
    2. 

  2. SPDX-License-Identifier: curl
    3. 

  3. Short: E
    4. 

  4. Long: cert
    5. 

  5. Arg: <certificate[:password]>
    6. 

  6. Help: Client certificate file and password
    7. 

  7. Protocols: TLS
    8. 

  8. See-also: cert-type key key-type
    9. 

  9. Category: tls
    10. 

  10. Example: --cert certfile --key keyfile $URL
    11. 

  11. Added: 5.0
    12. 

  12. Multi: single
    13. 

  13. ---
    14. 

  14. Tells curl to use the specified client certificate file when getting a file
    15. 

  15. with HTTPS, FTPS or another SSL-based protocol. The certificate must be in
    16. 

  16. PKCS#12 format if using Secure Transport, or PEM format if using any other
    17. 

  17. engine. If the optional password is not specified, it is queried for on
    18. 

  18. the terminal. Note that this option assumes a certificate file that is the
    19. 

  19. private key and the client certificate concatenated. See --cert and --key to
    20. 

  20. specify them independently.
    21. 

  21. 

  22. In the <certificate> portion of the argument, you must escape the character ":"
    23. 

  23. as "\\:" so that it is not recognized as the password delimiter. Similarly, you
    24. 

  24. must escape the character "\\" as "\\\\" so that it is not recognized as an
    25. 

  25. escape character.
    26. 

  26. 

  27. If curl is built against OpenSSL library, and the engine pkcs11 is available,
    28. 

  28. then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in
    29. 

  29. a PKCS#11 device. A string beginning with "pkcs11:" is interpreted as a
    30. 

  30. PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option is set as
    31. 

  31. "pkcs11" if none was provided and the --cert-type option is set as "ENG" if
    32. 

  32. none was provided.
    33. 

  33. 

  34. (iOS and macOS only) If curl is built against Secure Transport, then the
    35. 

  35. certificate string can either be the name of a certificate/private key in the
    36. 

  36. system or user keychain, or the path to a PKCS#12-encoded certificate and
    37. 

  37. private key. If you want to use a file from the current directory, please
    38. 

  38. precede it with "./" prefix, in order to avoid confusion with a nickname.
    39. 

  39. 

  40. (Schannel only) Client certificates must be specified by a path
    41. 

  41. expression to a certificate store. (Loading *PFX* is not supported; you can
    42. 

  42. import it to a store first). You can use
    43. 

  43. "<store location>\\<store name>\\<thumbprint>" to refer to a certificate
    44. 

  44. in the system certificates store, for example,
    45. 

  45. *"CurrentUser\\MY\\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a"*. Thumbprint is
    46. 

  46. usually a SHA-1 hex string which you can see in certificate details. Following
    47. 

  47. store locations are supported: *CurrentUser*, *LocalMachine*, *CurrentService*,
    48. 

  48. *Services*, *CurrentUserGroupPolicy*, *LocalMachineGroupPolicy* and
    49. 

  49. *LocalMachineEnterprise*.
    50.