curl-users

Re: Curl with NSS and smart card

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Fri, 02 Sep 2016 09:50:52 +0200

On Thursday, September 01, 2016 23:10:17 George Wash wrote:
> I'm trying to use curl on Fedora 23 with NSS coolkey and a CAC smart card.
> Want to use a credential on the smart card for mutual auth TLS.
>
> After using modutil I can see and list my certs from the token attached to
> the NSS certdb.
>
> I've set the SSL_DIR to the path to my cert db?
>
> My build of curl seems to have the fix where a cert nickname can have a ':'
> but needs escaping with a \. This is helpful because the --cert
> "token\:cert nickname:password" seems to be parsing the token and cert
> nickname correctly. However I get an error that the token:cert cannot be
> found in the cert database.

Have you tried to pass just the nickname to the --cert option of curl?

You can use the --pass option to specify the password.

> Has anyone had luck with an NSS build of curl and a smart card from the
> command line (without vectoring off to using libcurl)?

I have no first-hand experience with that, nor any HW to try it out.

> Are there any other avenues I should consider here?

Please paste the full output of 'certutil -L -d sql:$SSL_DIR'.

Kamil

> Thanks
Received on 2016-09-02
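
The --cert escaping rule described in the quoted question, modelled in Python as an added example (not curl's source and not part of the original mail). The token and nickname are constructed sample values, and the treatment of backslashes other than `\:` is an assumption.

```python
def escape_nickname(nickname):
    """Escape a nickname so its colons are not taken as the password separator."""
    return nickname.replace("\\", "\\\\").replace(":", "\\:")


def split_cert_arg(arg):
    """Split a --cert style argument into (nickname, password or None).

    Rule from the thread: '\\:' is a literal colon inside the nickname, and
    the first unescaped ':' starts the password.
    Assumptions: '\\\\' is a literal backslash, and a backslash before any
    other character is kept unchanged.
    """
    name = []
    i = 0
    while i < len(arg):
        ch = arg[i]
        if ch == "\\":
            nxt = arg[i + 1] if i + 1 < len(arg) else ""
            if nxt in (":", "\\"):
                name.append(nxt)      # escaped colon or backslash
                i += 2
            else:
                name.append("\\")     # lone backslash stays literal
                i += 1
            continue
        if ch == ":":
            rest = arg[i + 1:]        # everything after the separator
            return "".join(name), (rest or None)
        name.append(ch)
        i += 1
    return "".join(name), None


# Constructed sample nickname in "token:cert nickname" form.
NICK = "MyToken:My Cert"

if __name__ == "__main__":
    samples = (
        escape_nickname(NICK) + ":secret",  # colon escaped: nickname intact
        NICK + ":secret",                   # unescaped: split after the token
        "My Cert",                          # nickname only, as with --pass
    )
    for arg in samples:
        print(repr(arg), "->", split_cert_arg(arg))
```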