cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

How to present a certificate to end server using CURL

_KT_
Nimbostratus
Nimbostratus

I have a number of health monitors which require a certificate to be presented to the end device. A certificate & key have been imported using the GUI under System > File Management > SSL Certificate List. The "container" name for these these has been specified against "Client Certificate" and "Client Key" within the health monitors. This is working OK.

 

My question is how can I do a manual check using curl before deploying new health monitors - i.e. if I want to run a check against a new end server to confirm it is replying OK before I actually configure anything on the LTM, how can I make this check using curl? I tried to specify the existing certificate & key as stored in the LTM file structure using the following command:

 

curl -v -k --key // --cert // https://

 

but I get an error back - "curl: (58) unable to use client certificate (no key found or wrong pass phrase?)"

 

3 REPLIES 3

Kevin_Stewart
F5 Employee
F5 Employee

The syntax should be

 

curl -vk --cert [path to cert] --key [path to key] https://something...

I'm not sure that cURL supports a passphrase-enabled private key. You may also need to copy the cert and key to a local place and rename them. Is the key in FIPS by any chance?

 

FMA
Nimbostratus
Nimbostratus

Hi there,

 

add the following option to your curl command: --pass""

 

pponte
Nimbostratus
Nimbostratus

I know this is an old post, but could you fix this? I am trying to configure an https monitor by using a server profile, and I am not able to make it works.

Trying to make a curl to debug the output, I am getting

curl: (58) could not load PEM client certificate, OpenSSL error error:0906D06C:PEM routines:PEM_read_bio:no start line, (no key found, wrong pass phrase, or wrong file format?)