How to get and use certificates with curl

14

1

  1. Entering the following command 

    curl -k email@mail.com:password https://www.example.com

    Returns the following error

     <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://mail.google.com/mail/">here</A>.
</BODY></HTML>
badauth

  2. after downloading the cacert.crt file from here

    http://www.cacert.org/index.php?id=3

    Then renamed the cacert.crt file to cacert.pem

    Then tried:

    curl --cacert /path/to/cacert.pem email@mail.com:password https://www.example.com

    But get the same error.

  3. Then trying:

    curl  https://www.example.com

    I get this error

    curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: http://curl.haxx.se/docs/sslcerts.html

    curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
    If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).
    If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option

  4. So I tried with -k

    curl  -k https://www.example.com

    But of course get the error

    Badauth

I'm guessing I'm doing something wrong with the certificate file but I don't know where to get a certificate file or what to do with it once I have it.

I have no problem logging in using a browser of course but I'd like to automate the process with the command line so I can do this with tasker on my Android tablet over WiFi.

Joshua Robison

Posted 2013-10-07T09:05:33.787

Reputation: 555

Answers

2

SUCCESS!!

I went through a free web service called dnsomatic (run by the folks at opendns)

It's as simple as signing up for an account and adding opendns to your services. No configuration beyond that.

For Android users busybox versions of wget are way behind and don't have options to use user names and passwords, so we will have to install and use cURL

The guide to install curl can be found here

http://forum.xda-developers.com/showthread.php?t=2362386

Once you have curl you can simply do things like updating your opendns ip 

curl -u opendnsusername:password http://updates.dnsomatic.com/nic/update?hostname=opendnshostname

Joshua Robison

Posted 2013-10-07T09:05:33.787

Reputation: 555

I still can't figure out how to get and use certificates with curl but my ultimate goal has been accomplished. Maybe someone can help with the certificate bit. – Joshua Robison – 2013-10-24T22:27:12.737

1

You can download the cacert root certificates from here: http://www.cacert.org/index.php?id=3

Flash

Posted 2013-10-07T09:05:33.787

Reputation:

1Do I just choose the basic pem format .crt file and change it's name to .pem? – Joshua Robison – 2013-10-07T12:07:09.320

1

Apparently not. I downloaded the .crt file that says it's in pem format and renamed it to curlcacert.pem and did curl --cacert /path/to/curlcacert.pem https://www.site.com but still get cert errors.

– Joshua Robison – 2013-10-07T13:26:31.117

1What do I do with them once I download them? Can't I just use the same cert my browser uses? – Joshua Robison – 2013-10-09T13:03:29.230

Asked: 2013-10-07T09:05:33.787

Viewed: 56 908 times

Active: 2019-02-26T14:39:06.953