2016-11-16 06:44:58 +08:00
|
|
|
Short: E
|
|
|
|
Long: cert
|
|
|
|
Arg: <certificate[:password]>
|
|
|
|
Help: Client certificate file and password
|
|
|
|
Protocols: TLS
|
|
|
|
See-also: cert-type key key-type
|
2020-07-13 20:15:04 +08:00
|
|
|
Category: tls
|
2021-08-31 22:37:14 +08:00
|
|
|
Example: --cert certfile --key keyfile $URL
|
2021-09-28 17:50:07 +08:00
|
|
|
Added: 5.0
|
2016-11-16 06:44:58 +08:00
|
|
|
---
|
|
|
|
Tells curl to use the specified client certificate file when getting a file
|
|
|
|
with HTTPS, FTPS or another SSL-based protocol. The certificate must be in
|
|
|
|
PKCS#12 format if using Secure Transport, or PEM format if using any other
|
2021-11-26 15:46:59 +08:00
|
|
|
engine. If the optional password is not specified, it will be queried for on
|
2016-11-16 06:44:58 +08:00
|
|
|
the terminal. Note that this option assumes a \&"certificate" file that is the
|
|
|
|
private key and the client certificate concatenated! See --cert and --key to
|
|
|
|
specify them independently.
|
|
|
|
|
|
|
|
If curl is built against the NSS SSL library then this option can tell
|
|
|
|
curl the nickname of the certificate to use within the NSS database defined
|
|
|
|
by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the
|
|
|
|
NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be
|
|
|
|
loaded. If you want to use a file from the current directory, please precede
|
2021-11-26 15:46:59 +08:00
|
|
|
it with "./" prefix, in order to avoid confusion with a nickname. If the
|
2016-11-16 06:44:58 +08:00
|
|
|
nickname contains ":", it needs to be preceded by "\\" so that it is not
|
2021-11-26 15:46:59 +08:00
|
|
|
recognized as password delimiter. If the nickname contains "\\", it needs to
|
2016-11-16 06:44:58 +08:00
|
|
|
be escaped as "\\\\" so that it is not recognized as an escape character.
|
|
|
|
|
2018-02-19 21:31:06 +08:00
|
|
|
If curl is built against OpenSSL library, and the engine pkcs11 is available,
|
|
|
|
then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in
|
|
|
|
a PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a
|
|
|
|
PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set
|
|
|
|
as "pkcs11" if none was provided and the --cert-type option will be set as
|
|
|
|
"ENG" if none was provided.
|
|
|
|
|
2016-11-16 06:44:58 +08:00
|
|
|
(iOS and macOS only) If curl is built against Secure Transport, then the
|
|
|
|
certificate string can either be the name of a certificate/private key in the
|
|
|
|
system or user keychain, or the path to a PKCS#12-encoded certificate and
|
|
|
|
private key. If you want to use a file from the current directory, please
|
|
|
|
precede it with "./" prefix, in order to avoid confusion with a nickname.
|
|
|
|
|
2019-01-29 17:09:29 +08:00
|
|
|
(Schannel only) Client certificates must be specified by a path
|
2018-04-18 21:01:14 +08:00
|
|
|
expression to a certificate store. (Loading PFX is not supported; you can
|
|
|
|
import it to a store first). You can use
|
|
|
|
"<store location>\\<store name>\\<thumbprint>" to refer to a certificate
|
|
|
|
in the system certificates store, for example,
|
|
|
|
"CurrentUser\\MY\\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is
|
|
|
|
usually a SHA-1 hex string which you can see in certificate details. Following
|
|
|
|
store locations are supported: CurrentUser, LocalMachine, CurrentService,
|
|
|
|
Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy,
|
|
|
|
LocalMachineEnterprise.
|
|
|
|
|
2016-11-16 06:44:58 +08:00
|
|
|
If this option is used several times, the last one will be used.
|