Trying to use curl with NSS to do client authentication against a cert-controlled webpage.

[ckannan@localhost test]$ echo $SSL_DIR
/home/ckannan/curl/test
[ckannan@localhost test]$ ls *.db
cert8.db  key3.db  secmod.db
[ckannan@localhost test]$
[ckannan@localhost test]$
[ckannan@localhost test]$
[ckannan@localhost test]$ certutil -L -d .

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

testnick                                                     P,,
OCSP Administrator of Instance pki-ocsp's pkisilentdomain ID u,u,u
TKS Administrator of Instance pki-tks's pkisilentdomain ID   u,u,u
mach1.idm.lab.bos.redhat.com                                 ,,
VeriSign Class 3 Extended Validation SSL CA                  ,,
wiki.idm.lab.bos.redhat.com                                  ,,
GeoTrust SSL CA                                              ,,
mach1.idm.lab.bos.redhat.com #2                              ,,
Certificate Authority - pkisilentdomain                      CT,C,C
CA Administrator of Instance pki-ca's pkisilentdomain ID     u,u,u
KRA Administrator of Instance pki-kra's pkisilentdomain ID   u,u,u
RA Administrator's pkisilentdomain ID                        u,u,u
TPS Administrator's pkisilentdomain ID                       u,u,u
[ckannan@localhost test]$
[ckannan@localhost test]$
[ckannan@localhost test]$
[ckannan@localhost test]$ curl -v --cert "CA Administrator of Instance pki-ca's pkisilentdomain ID" --cacert "Certificate Authority - pkisilentdomain" --data-urlencode "xmlOutput=true" --data-urlencode "reqCompleted=true" --data-urlencode "reqType=enrollment" --data-urlencode "maxCount=20" "https://mach1.idm.lab.bos.redhat.com:9443/ca/agent/ca/queryReq"
* About to connect() to mach1.idm.lab.bos.redhat.com port 9443 (#0)
*   Trying 10.16.96.53... connected
* Connected to mach1.idm.lab.bos.redhat.com (10.16.96.53) port 9443 (#0)
* Initializing NSS with certpath: /home/ckannan/curl/test
* NSS error -5978
* Closing connection #0
* Problem with the SSL CA cert (path? access rights?)
curl: (77) Problem with the SSL CA cert (path? access rights?)
[ckannan@localhost test]$

You cannot specify a CA certificate by nickname.
upstream commit: https://github.com/bagder/curl/commit/11dde6ac
fixed in curl-7.29.0-1.fc19