Home Explore Help
Sign In
OWEALs
/
curl
mirror of https://github.com/curl/curl.git
2
0
Fork 0
Files Issues 8 Wiki
Tree: b90f857fab
Branches Tags
curl
/
docs
/
cmdline-opts
/
cert.d

cert.d 2.9 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 
  1. c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
    2. 

  2. SPDX-License-Identifier: curl
    3. 

  3. Short: E
    4. 

  4. Long: cert
    5. 

  5. Arg: <certificate[:password]>
    6. 

  6. Help: Client certificate file and password
    7. 

  7. Protocols: TLS
    8. 

  8. See-also: cert-type key key-type
    9. 

  9. Category: tls
    10. 

  10. Example: --cert certfile --key keyfile $URL
    11. 

  11. Added: 5.0
    12. 

  12. ---
    13. 

  13. Tells curl to use the specified client certificate file when getting a file
    14. 

  14. with HTTPS, FTPS or another SSL-based protocol. The certificate must be in
    15. 

  15. PKCS#12 format if using Secure Transport, or PEM format if using any other
    16. 

  16. engine. If the optional password is not specified, it will be queried for on
    17. 

  17. the terminal. Note that this option assumes a certificate file that is the
    18. 

  18. private key and the client certificate concatenated. See --cert and --key to
    19. 

  19. specify them independently.
    20. 

  20. 

  21. In the <certificate> portion of the argument, you must escape the character ":"
    22. 

  22. as "\\:" so that it is not recognized as the password delimiter. Similarly, you
    23. 

  23. must escape the character "\\" as "\\\\" so that it is not recognized as an
    24. 

  24. escape character.
    25. 

  25. 

  26. If curl is built against the NSS SSL library then this option can tell
    27. 

  27. curl the nickname of the certificate to use within the NSS database defined
    28. 

  28. by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the
    29. 

  29. NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be
    30. 

  30. loaded.
    31. 

  31. 

  32. If you provide a path relative to the current directory, you must prefix the
    33. 

  33. path with "./" in order to avoid confusion with an NSS database nickname.
    34. 

  34. 

  35. If curl is built against OpenSSL library, and the engine pkcs11 is available,
    36. 

  36. then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in
    37. 

  37. a PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a
    38. 

  38. PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set
    39. 

  39. as "pkcs11" if none was provided and the --cert-type option will be set as
    40. 

  40. "ENG" if none was provided.
    41. 

  41. 

  42. (iOS and macOS only) If curl is built against Secure Transport, then the
    43. 

  43. certificate string can either be the name of a certificate/private key in the
    44. 

  44. system or user keychain, or the path to a PKCS#12-encoded certificate and
    45. 

  45. private key. If you want to use a file from the current directory, please
    46. 

  46. precede it with "./" prefix, in order to avoid confusion with a nickname.
    47. 

  47. 

  48. (Schannel only) Client certificates must be specified by a path
    49. 

  49. expression to a certificate store. (Loading PFX is not supported; you can
    50. 

  50. import it to a store first). You can use
    51. 

  51. "<store location>\\<store name>\\<thumbprint>" to refer to a certificate
    52. 

  52. in the system certificates store, for example,
    53. 

  53. "CurrentUser\\MY\\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is
    54. 

  54. usually a SHA-1 hex string which you can see in certificate details. Following
    55. 

  55. store locations are supported: CurrentUser, LocalMachine, CurrentService,
    56. 

  56. Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy,
    57. 

  57. LocalMachineEnterprise.
    58. 

  58. 

  59. If this option is used several times, the last one will be used.
    60.