I'm trying connect my PHP app to the server, which require auth by private key and does not have certs on public servers.
API location: https://b2b.postaonline.cz/
To acces the API from browser, I have installed these certs: http://www.postsignum.cz/certifikaty_autorit.html (PEM)
then I was able to connect with my .pfx cert, retrieved from PostSignum.
However, I'm unable to connect from Linux server, using curl. Ofc, I have searched and tested stuff several hours - like converting private to RSA and so on.
So current status is, that I have used received .pfx and extracted stuff like this:
openssl pkcs12 -in certificate.pfx -out ca.pem -cacerts -nokeys
openssl pkcs12 -in certificate.pfx -out client.pem -clcerts -nokeys
openssl pkcs12 -in certificate.pfx -out key.pem -nocerts
After, I've used curl to connect:
$ curl -v --key ./key.pem --cacert ./ca.pem --cert ./client.pem https://b2b.postaonline.cz/
* Trying 193.150.24.113...
* Connected to b2b.postaonline.cz (193.150.24.113) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: ./ca.pem
CApath: none
* unable to load client key: -8178 (SEC_ERROR_BAD_KEY)
* NSS error -8178 (SEC_ERROR_BAD_KEY)
* Peer's public key is invalid.
* Closing connection 0
curl: (58) unable to load client key: -8178 (SEC_ERROR_BAD_KEY)
This is something I'm getting with all the variations.
Notes: when I have loaded my certificate.pfx to the browser, connection was still insecure. So I have downloaded following from PostSignum cert site and loaded them into the browser
Postsignum Root QCA 2
Postsignum Public CA 2
just after that I was able to connect from browser.
I think this is something, I need to do also in the curl, but I have no idea how. With the ca.pem and client.pem, which are extracted just from certificate.pfx - I think curl is running into the same trouble as browaser was before additional Authoritiy certs was loaded. Any idea how to use that ?
Thank you.
There were 2 issues combined, now fixed - thanks to strace.
./key:pass, but by using --pass {phrase} option