
I am using the command below to connect:

curl --cert-type P12 --cert ./my.p12:password --cacert ./my-cert.pem https://host:8443/api/root

but I am getting this error:

curl: (58) unable to load client cert: -8018 (SEC_ERROR_UNKNOWN_PKCS11_ERROR)

curl version:

curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.53.1 zlib/1.2.7 libidn/1.28 libssh2/1.8.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets 

OS version:

CentOS Linux release 7.7.1908 (Core)

curl with -v results:

* About to connect() to host port 8443 (#0)
* Trying 10.X.X.X
* Connected to host (10.X.X.X) port 8443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: ./my-cert.pem CApath: none
* unable to load client cert: -8018 (SEC_ERROR_UNKNOWN_PKCS11_ERROR)
* NSS error -8018 (SEC_ERROR_UNKNOWN_PKCS11_ERROR)
* Unknown PKCS #11 error.
* Closing connection 0
curl: (58) unable to load client cert: -8018 (SEC_ERROR_UNKNOWN_PKCS11_ERROR)
tinlyx
TKHN

1 Answer


Try this:

taken from here

Change the following line in the configuration file /etc/opensc/opensc.conf:

# reader_drivers = openct, pcsc, ctapi;

to:

reader_drivers = pcsc;
Shōgun8
  • I don't have this file. – TKHN May 30 '21 at 11:42
  • Not sure how this will work... mine is CentOS 7. – TKHN May 30 '21 at 11:46
  • A google of the key words ***opensec.conf location centos*** directed me to this page https://centos.pkgs.org/7/centos-x86_64/opensc-0.19.0-3.el7.x86_64.rpm.html, which showed the location on CentOS to be at ***/etc/opensec.conf***. C'mon now, a little effort on your part is required – Shōgun8 May 31 '21 at 08:43
  • yeah Buddy..I checked the same location.. – TKHN May 31 '21 at 09:04
  • It seems I need to have the smart card configured by an admin. – TKHN May 31 '21 at 09:04
  • seems a related question https://superuser.com/questions/1367608/smart-card-issue-with-opensc-pklogin-finder-debug-only-on-centos. – TKHN May 31 '21 at 09:06
  • Then it looks like you don't have the necessary libraries installed. Perhaps having a look at this solution will provide the answer for you https://stackoverflow.com/questions/19265100/curl-command-unable-to-load-client-cert-8018 – Shōgun8 May 31 '21 at 09:06
  • sure..thank you – TKHN May 31 '21 at 09:07