From Fedora Project Wiki
This page is a draft only
It is still under construction and content may change. Do not rely on the information on this page.
It is still under construction and content may change. Do not rely on the information on this page.
curl is a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). The command is designed to work without user interaction.
1. Set SSL_DIR environment variable to path of your NSS database.
If the variable is not set, "/etc/pki/nssdb" is used.
2. You don't need to turn on NSS support explicitly, curl always uses NSS for SSL.
The SSL connection is usually initiated by accessing a "https://" URL.
3. Root CA certificates are read by default from "/etc/pki/tls/certs/ca-bundle.crt" in the PEM format. You can specify another CA certificate (or bundle) by curl's option --cacert. The mandatory argument is then a PEM file containing CA certificate(s).
4. You can also access https URLs protected by a client certificate.
If you don't specify the certificate manually, NSS tries to select the right one from the NSS database automatically. You can specify it's nickname by curl's option --cert.
- NOTE: You can try to set SSL_DIR to another database to search the certificates in, e.g. the database used by Firefox.
5. By the curl's option --cert you can also specify a PEM file containing the client certificate. This should be sufficient if the key is embedded in the cert.
6. To specify a bare key use curl's option --key. The mandatory argument is a PEM file containing the key. If the key is protected by a pass-phrase, you can give it by curl's option --pass.