Components All New MacOS Windows Linux iOS
Examples Mac & Win Server Client Guides Statistic FMM Blog Deprecated Old

CURL.SetOptionSSLCert

Sets the file path for the certificate.

Component Version macOS Windows Linux Server iOS SDK
CURL 2.5 ✅ Yes ✅ Yes ✅ Yes ✅ Yes ✅ Yes
MBS( "CURL.SetOptionSSLCert"; curl; Value { ; Encoding } )   More

Parameters

Parameter Description Example Flags
curl The CURL session handle. $curl
Value The file path to the certificate. "/tmp/test.pem"
Encoding The text encoding for text parameter.
Default is UTF-8.
Possible encoding names: ANSI, ISO-8859-1, Latin1, Mac, Native, UTF-8, DOS, Hex, Base64 or Windows. More listed in the FAQ.
"utf8" Optional

Result

Returns "OK" on success.

Description

Sets the file path for the certificate.
Pass a text string as parameter. The string should be the file name of your certificate. The default format is "PEM" and can be changed with CURL.SetOptionSSLCertType.

With NSS this can also be the nickname of the certificate you wish to authenticate with. If you want to use a file from the current directory, please precede it with "./" prefix, in order to avoid confusion with a nickname.

Starting with version 8.0 the plugin will always use UTF-8 encoding for file path on Linux and macOS. For macOS we also do the unicode character normalization for file names for you.

For the GSX example, apple-cert+key.pem in our case is a text file containing the key and certificate:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,B8DCBDA00BFB07EB3CE3901334FC7028

lKa9vkyhSkx1N8PS+0gUsDLa5Ki36z9wuw9IdVQAeNuGYwPvpPwGzYiUWXE7p8H1
...
WHhQqB/FACH0XbOWWUtHInNlNVHFcKKtJdg/JIlkMQfvSD3XnSNLgLvOpr10L85Z
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIIVbEoCG6/FTIwDQYJKoZIhvcNAQELBQAwezE1MDMGA1UE
....
AYf7yNIM0btoU2ymPrzwn02AKxnk6QRMqVkirDHSWew/mQfxlOg2HN2HJ1MQR9wC
3bxbgvJL1EFq9AAK5g==
-----END CERTIFICATE-----

You can normally just copy the files together with a text editor.

See CURL.SetOptionSSLCertBlob to pass certificate as container or text.

See also SSLCERT option in CURL manual.

Examples

Set a client SSL certificate:

Set Variable [$r; Value:MBS("CURL.SetOptionSSLCert"; $curl; "/some/certfile.pem")]
Set Variable [$r; Value:MBS("CURL.SetOptionSSLCertType"; $curl; "PEM")]
Set Variable [$r; Value:MBS("CURL.SetOptionKeyPassword"; $curl; "secret")]

Send request to Apple's gsx webservice:

Set Variable [$XMLRequest; Value:""]
#Start new session
Set Variable [$curl; Value:MBS("CURL.New")]
# URL for web service
Set Variable [$result; Value:MBS("CURL.SetOptionURL"; $curl; "https://gsxapiut.apple.com:443/gsx-ws/services/emea/asp")]
# Mark content as XML
Set Variable [$result; Value:MBS("CURL.SetOptionHTTPHeader"; $curl; "Content-Type: text/xml; charset=UTF-8")]
# Pass XML content for request
Set Variable [$result; Value:MBS("CURL.SetOptionPostFields"; $curl; $XMLRequest)]
# Certificate and private key in one file
Set Variable [$result; Value:MBS("CURL.SetOptionSSLCert"; $curl; "/Users/cs/Keys/apple-cert+key.pem")]
# Root certificates
Set Variable [$result; Value:MBS("CURL.SetOptionCAInfo"; $curl; "/Users/cs/Keys/cacert.pem")]
# SSL Key is in PEM Format
Set Variable [$result; Value:MBS("CURL.SetOptionSSLCertType"; $curl; "PEM")]
# Password for key file
Set Variable [$result; Value:MBS("CURL.SetOptionKeyPassword"; $curl; "xxx")]
# SSL Verification on
Set Variable [$result; Value:MBS("CURL.SetOptionSSLVerifyPeer"; $curl; 1)]
Set Variable [$result; Value:MBS("CURL.SetOptionSSLVerifyHost"; $curl; 1)]
# use TLS v1.2
Set Variable [$result; Value:MBS("CURL.SetOptionSSLVersion"; $curl; 6)]
#RUN now
Set Field [CURL Test::Result; MBS("CURL.Perform"; $curl)]
#Check result
Set Field [CURL Test::Text; MBS("CURL.GetResultAsText"; $curl; "UTF8")]
Set Field [CURL Test::debug; MBS("CURL.GetDebugMessages"; $curl)]
#Cleanup
Set Variable [$result; Value:MBS("CURL.Release"; $curl)]

Talk to Apple's global service exchange webservice:

# Various parameters
Set Variable [ $userid ; Value: "???" ]
Set Variable [ $serviceAccountNo ; Value: "???" ]
Set Variable [ $PrivateKeyPassword ; Value: "???" ]

# Build XML with our values:
Set Variable [ $xml ; Value: Tabelle::Login XML Template ]
Set Variable [ $xml ; Value: Substitute($xml; "$userid$"; MBS("Text.EncodeToXML"; $userid)) ]
Set Variable [ $xml ; Value: Substitute($xml; "$serviceAccountNo$"; MBS("Text.EncodeToXML"; $serviceAccountNo)) ]

# Start CURL
Set Variable [ $curl ; Value: MBS("CURL.New") ]
Set Variable [ $r ; Value: MBS("CURL.SetOptionURL";$curl; "https://gsxapi.apple.com/gsx-ws/services/emea/asp") ]
Set Variable [ $r ; Value: MBS("CURL.SetOptionSSLCertType"; $curl; "PEM") ]
Set Variable [ $r ; Value: MBS("CURL.SetOptionKeyPassword"; $curl; $PrivateKeyPassword) ]
# pem file with private key and certificate from Apple
Set Variable [ $r ; Value: MBS("CURL.SetOptionSSLCert"; $curl; "/Users/test/Desktop/test.pem") ]
# some root certificates
Set Variable [ $r ; Value: MBS("CURL.SetOptionCAInfo"; $curl; "/Users/test/Desktop/cacert.pem") ]
Set Variable [ $r ; Value: MBS("CURL.SetOptionSSLVersion"; $curl; 6) // TLS v1.2 ]
Set Variable [ $r ; Value: MBS("CURL.SetOptionTimeOut"; $curl; 10) ]
Set Variable [ $r ; Value: MBS("CURL.SetOptionHTTPHeader"; $curl; "Content-Type: text/xml; charset=UTF-8") ]
# run the login query
Set Variable [ $r ; Value: MBS("CURL.Perform"; $curl) ]
# check result
Set Variable [ $httpResponse ; Value: MBS( "CURL.GetResponseCode"; $curl ) ]
Set Field [ Tabelle::CURL Result ; $r ]
Set Field [ Tabelle::CURL Input ; $xml ]
Set Field [ Tabelle::CURL Debug ; MBS("CURL.GetDebugMessages"; $curl; "UTF8") ]
Set Field [ Tabelle::CURL Output ; MBS("CURL.GetResultAsText"; $curl; "UTF8") ]
# here we extract session
Set Field [ Tabelle::SessionID ; MBS("Text.FindBetween"; Tabelle::CURL Output; "<userSessionId>"; "</userSessionId>") ]
Wenn [ $r = "OK" UND $httpResponse = 200 ]
        # OK
Ende (wenn)
Set Variable [ $r ; Value: MBS("CURL.Release") ]

See also

Release notes

Blog Entries

Created 18th August 2014, last changed 25th June 2020


CURL.SetOptionSSHPublicKeyfile - CURL.SetOptionSSLCertBlob