Forum Discussion

_KT_'s avatar
_KT_
Icon for Nimbostratus rankNimbostratus
Dec 22, 2016

How to present a certificate to end server using CURL

I have a number of health monitors which require a certificate to be presented to the end device. A certificate & key have been imported using the GUI under System > File Management > SSL Certificate List. The "container" name for these these has been specified against "Client Certificate" and "Client Key" within the health monitors. This is working OK.

 

My question is how can I do a manual check using curl before deploying new health monitors - i.e. if I want to run a check against a new end server to confirm it is replying OK before I actually configure anything on the LTM, how can I make this check using curl? I tried to specify the existing certificate & key as stored in the LTM file structure using the following command:

 

curl -v -k --key // --cert // https://

 

but I get an error back - "curl: (58) unable to use client certificate (no key found or wrong pass phrase?)"

 

BIG-IP
devops
LTM

3 Replies

Sort By
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Dec 22, 2016

    The syntax should be

    curl -vk --cert [path to cert] --key [path to key] https://something...

    I'm not sure that cURL supports a passphrase-enabled private key. You may also need to copy the cert and key to a local place and rename them. Is the key in FIPS by any chance?

  • FMA's avatar
    FMA
    Icon for Nimbostratus rankNimbostratus
    Dec 23, 2016

    Hi there,

    add the following option to your curl command: 

    --pass""

  • pponte's avatar
    pponte
    Icon for Altostratus rankAltostratus
    Feb 07, 2022

    I know this is an old post, but could you fix this? I am trying to configure an https monitor by using a server profile, and I am not able to make it works.

    Trying to make a curl to debug the output, I am getting

    curl: (58) could not load PEM client certificate, OpenSSL error error:0906D06C:PEM routines:PEM_read_bio:no start line, (no key found, wrong pass phrase, or wrong file format?)