Getting "curl: (58) unable to use client certificate" with calls using p12 file

Rodrigo Ney · Oct 21, 2016 · Viewed 8.4k times

I created a p12 file on my macOS El Capitan, using a .pem and a .key file via the openssl command:

openssl pkcs12 -export -in <PEM_file>.pem -inkey <PRIVATE_KEY>.key -out <FILENAME>.p12

Everything went ok. I was able to make my cURL calls using this p12.

When I did the same on my Ubuntu 14.04.5 LTS (with the same .pem and .key), I started to receive this message when I used cURL with the p12:

curl: (58) unable to use client certificate (no key found or wrong pass phrase?)

What am I missing?

Answer

dave_thompson_085 · Oct 21, 2016

curl supports about a dozen different SSL/TLS implementations, and how certs & keys are supplied varies depending on which implementation is used in your build. Use curl -V (upper vee) to check. I'd guess, but don't know, the MacOS build uses SecureTransport; the (standard) package on my off-in-the-corner Ubuntu 14.04.4 definitely uses OpenSSL.

Per the man page and confirmed by experiment on my Ubuntu, this build wants PEM format files, not PKCS12. These are the same two files you used as input to openssl pkcs12 -export, or you can concatenate them and just use that for --cert (this can work because PEM format marks each block separately); and if you don't have them anymore you can just use openssl pkcs12 -in foo.p12 -out foo.pem (i.e. OMIT -export) to convert back.
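The steps from the answer as shell helpers, added here as an example and not code from the original post: identify the TLS backend from `curl -V`, convert the .p12 back to PEM, and confirm the certificate and key belong together before handing the file to `--cert`. The function names, the `P12_PASS` variable and the file names are assumptions made for illustration.

```shell
# Added example, not from the original answer. File names are placeholders.

# Name the TLS backend from the first line of `curl -V`.
# The line can be passed as $1 so the check also works on saved output.
tls_backend() {
    line=${1:-$(curl -V | head -n 1)}
    case "$line" in
        *SecureTransport*) echo SecureTransport ;;
        *OpenSSL/*)        echo OpenSSL ;;
        *GnuTLS/*)         echo GnuTLS ;;
        *NSS/*)            echo NSS ;;
        *)                 echo unknown ;;
    esac
}

# Convert a PKCS#12 bundle back to one PEM file (cert + key), as the
# answer suggests. -nodes leaves the key unencrypted so curl needs no
# pass phrase; umask 077 keeps the output readable by the owner only.
# The import password is read from an exported $P12_PASS if set,
# otherwise openssl prompts for it.
p12_to_pem() (
    umask 077
    if [ -n "${P12_PASS:-}" ]; then
        openssl pkcs12 -in "$1" -out "$2" -nodes -passin env:P12_PASS
    else
        openssl pkcs12 -in "$1" -out "$2" -nodes
    fi
)

# Succeed only if the certificate and the private key in a PEM file
# carry the same public key, which rules out a cert/key mismatch as
# the cause of curl error 58.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage (placeholder names):
#   [ "$(tls_backend)" = OpenSSL ] && p12_to_pem client.p12 client.pem \
#       && cert_matches_key client.pem \
#       && curl --cert client.pem https://example.invalid/
```

Because the converted PEM holds an unencrypted private key, delete it or store it with the same care as the original .key file.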