Annotation of embedaddon/curl/docs/cmdline-opts/cert.d, revision 1.1
1.1 ! misho 1: Short: E
! 2: Long: cert
! 3: Arg: <certificate[:password]>
! 4: Help: Client certificate file and password
! 5: Protocols: TLS
! 6: See-also: cert-type key key-type
! 7: ---
! 8: Tells curl to use the specified client certificate file when getting a file
! 9: with HTTPS, FTPS or another SSL-based protocol. The certificate must be in
! 10: PKCS#12 format if using Secure Transport, or PEM format if using any other
! 11: engine. If the optional password isn't specified, it will be queried for on
! 12: the terminal. Note that this option assumes a \&"certificate" file that is the
! 13: private key and the client certificate concatenated! See --cert and --key to
! 14: specify them independently.
! 15:
! 16: If curl is built against the NSS SSL library then this option can tell
! 17: curl the nickname of the certificate to use within the NSS database defined
! 18: by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the
! 19: NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be
! 20: loaded. If you want to use a file from the current directory, please precede
! 21: it with "./" prefix, in order to avoid confusion with a nickname. If the
! 22: nickname contains ":", it needs to be preceded by "\\" so that it is not
! 23: recognized as password delimiter. If the nickname contains "\\", it needs to
! 24: be escaped as "\\\\" so that it is not recognized as an escape character.
! 25:
! 26: If curl is built against OpenSSL library, and the engine pkcs11 is available,
! 27: then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in
! 28: a PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a
! 29: PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set
! 30: as "pkcs11" if none was provided and the --cert-type option will be set as
! 31: "ENG" if none was provided.
! 32:
! 33: (iOS and macOS only) If curl is built against Secure Transport, then the
! 34: certificate string can either be the name of a certificate/private key in the
! 35: system or user keychain, or the path to a PKCS#12-encoded certificate and
! 36: private key. If you want to use a file from the current directory, please
! 37: precede it with "./" prefix, in order to avoid confusion with a nickname.
! 38:
! 39: (Schannel only) Client certificates must be specified by a path
! 40: expression to a certificate store. (Loading PFX is not supported; you can
! 41: import it to a store first). You can use
! 42: "<store location>\\<store name>\\<thumbprint>" to refer to a certificate
! 43: in the system certificates store, for example,
! 44: "CurrentUser\\MY\\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is
! 45: usually a SHA-1 hex string which you can see in certificate details. Following
! 46: store locations are supported: CurrentUser, LocalMachine, CurrentService,
! 47: Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy,
! 48: LocalMachineEnterprise.
! 49:
! 50: If this option is used several times, the last one will be used.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to cert.d CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / curl / docs / cmdline-opts