[Pki-users] curl / certrequests

Dinesh Prasanth Moluguwan Krishnamoorthy dmoluguw at redhat.com
Thu Jun 25 02:52:02 UTC 2020


(cc'ing pki-users for a wider audience)

Try to extract the admin cert and key from PKCS12 to a PEM file:
````
# client certificate only, no private key
$ openssl pkcs12 -in ~/.dogtag/pki-tomcat/ca_admin_cert.p12 -out file.crt.pem -clcerts -nokeys
# private key only, written unencrypted (-nodes)
$ openssl pkcs12 -in ~/.dogtag/pki-tomcat/ca_admin_cert.p12 -out file.key.pem -nocerts -nodes
````

Then, pass both the cert and key as params to curl:
````
$ curl -v -k -E file.crt.pem --key file.key.pem https://<host>:8443/ca/rest/agent/certrequests
````

Note that I am passing in `-k` since I am using a self-signed CA cert.

Ref:
https://stackoverflow.com/questions/32253909/curl-with-a-pkcs12-certificate-in-a-bash-script

HTH.

Regards,
--Dinesh

On Wed, Jun 17, 2020 at 7:02 AM Pascal Jakobi <pascal.jakobi at gmail.com>
wrote:

> [root at auth pki-tomcat]# curl -v  -E "/tmp/ca_admin.cert" -H "Accept: application/json" https://zbook.home:8443/ca/rest/agent/certrequests
> *   Trying 192.168.1.20:8443...
> * TCP_NODELAY set
> * Connected to zbook.home (192.168.1.20) port 8443 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * unable to set private key file: '/tmp/ca_admin.cert' type PEM
> * Closing connection 0
> curl: (58) unable to set private key file: '/tmp/ca_admin.cert' type PEM
> [root at auth pki-tomcat]#
>
>
> For the time being, I do not understand what's to be done...
>
> Rgds
>
> P
> Le 16/06/2020 à 01:09, Dinesh Prasanth Moluguwan Krishnamoorthy a écrit :
>
> Hi Pascal,
>
> What version of PKI are you using?
>
> Can you try replacing your URL with https protocol and corresponding port
> number? https://zbook.home:8443/ca/rest/agent/certrequests
> By default, secure port is 8443
>
> Regards,
> --Dinesh
>
> On Mon, Jun 15, 2020 at 6:55 PM Pascal Jakobi <pascal.jakobi at gmail.com>
> wrote:
>
>> I am trying to retrieve the cert reqs that are in my CA at the moment.
>>
>> The (wrong) curl command I use is below, with its result :
>>
>> curl -v  -E "/tmp/ca_admin.cert" -H "Accept: application/json"
>> http://zbook.home:8080/ca/rest/agent/certrequests
>> *   Trying 192.168.1.20...
>> * TCP_NODELAY set
>> * Connected to zbook.home (192.168.1.20) port 8080 (#0)
>> > GET /ca/rest/agent/certrequests HTTP/1.1
>> > Host: zbook.home:8080
>> > User-Agent: curl/7.61.1
>> > Accept: application/json
>> >
>> < HTTP/1.1 302
>> < Cache-Control: private
>> < Expires: Thu, 01 Jan 1970 00:00:00 GMT
>> < Location: https://zbook.home:8443/ca/rest/agent/certrequests
>> < Content-Length: 0
>> < Date: Mon, 15 Jun 2020 22:50:24 GMT
>> <
>> * Connection #0 to host zbook.home left intact
>>
>> Can someone tell me what's the correct curl command or why don't I
>> receive anything as a result ?
>>
>>
>> Thank you in advance.
>> --
>> *Pascal Jakobi*
>
> --
> *Pascal Jakobi* 116 rue de Stalingrad 93100 Montreuil, France
> pascal.jakobi at gmail.com - +33 6 87 47 58 19
>
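
Added example, not part of the original messages: a preflight check for the PEM files produced by the two `openssl pkcs12` commands in the reply above, run before they are handed to `curl -E` / `--key`. The function names and the return codes 1 and 2 are assumptions made for this sketch; it looks only at PEM block markers and file mode.

```shell
#!/bin/sh
# Added example: preflight for the PEM files given to `curl -E` / `--key`.
# It inspects PEM block markers and the file mode only; it parses no key.

# pem_has FILE cert|key -> 0 if FILE contains a PEM block of that kind.
pem_has() {
    case "$2" in
        cert) grep -Eq -e '^-----BEGIN CERTIFICATE-----' "$1" ;;
        key)  grep -Eq -e '^-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$1" ;;
        *)    return 2 ;;
    esac
}

# owner_only FILE -> 0 if group and other have no permission bits at all.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# client_cert_args CERT [KEY] -> prints the curl options to use on stdout,
# or a diagnosis on stderr with a non-zero status (codes chosen for this example).
client_cert_args() {
    cert=$1 key=${2:-}
    pem_has "$cert" cert || { echo "no certificate in $cert" >&2; return 1; }
    if [ -z "$key" ]; then
        # With -E alone, curl expects the private key in the same file.
        # 58 is the exit code curl reports when it cannot load that key.
        pem_has "$cert" key ||
            { echo "$cert has no private key; add --key" >&2; return 58; }
        key=$cert
    else
        pem_has "$key" key || { echo "no private key in $key" >&2; return 1; }
    fi
    # `-nodes` wrote the key unencrypted, so require owner-only access.
    owner_only "$key" ||
        { echo "$key is accessible to group/other; chmod 600" >&2; return 2; }
    if [ "$key" = "$cert" ]; then
        echo "-E $cert"
    else
        echo "-E $cert --key $key"
    fi
}

# Stand-alone use: sh preflight.sh file.crt.pem file.key.pem
[ "$#" -eq 0 ] || client_cert_args "$@"
```

Running the extraction under `umask 077` gives `file.key.pem` owner-only mode from the start, so the permission check passes without a later `chmod`.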