Use self signed certificate with cURL?
This is just another version of this question: Using openssl to get the certificate from a server
Or put more bluntly:
Using curl --cert is wrong, it is for client certificates.
First, get the the certs your server is using:
$ echo quit | openssl s_client -showcerts -servername server -connect server:443 > cacert.pem
(-servername
is necessary for SNI so that you get the right virtual server's certificate back)
Then make your curl command line use that set to verify the server in subsequent operations:
$ curl --cacert cacert.pem https://server/ [and the rest]
To make request from https server through curl. I make use of below steps
- Step1: Generate self signed certificate with below code at root of the project you want to make use of it.
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes
- Step2: Fill the prompt with required details but when you get to Common name input localhost e.g
Common Name (eg, fully qualified host name) []:localhost
- step3: When your openssl cert.pem & key.pem has being generated startup your server then in another terminal or command line run
curl --cacert cert.pem https://localhost:443
Note: I use port 443 which is the default https port, you can make use of another port then make sure cert.pem file path is well referenced.