Mac OS X Yosemite and Client SSL Certificates

Question

Ever since I upgraded from Mavericks to Yosemite, my SSL Client Certificates have stopped working in certain places. They still work in web browsers and in wget, but they have stopped working in curl and in Python's requests library.

This works:

$ wget https://localhost --certificate cert.pem --private-key private.pem

This doesn't work:

$ curl https://localhost --cert cert.pem --key private.pem
curl: (58) SSL: Can't load the certificate "cert.pem" and its private key: OSStatus -25299

But yet if I combine the pems into a p12, it does work:

$ curl https://localhost --cert cert.p12:password

But Python doesn't support p12s, and this doesn't work:

import requests
print requests.get("https://localhost", cert=("cert.pem","private.pem")).content

It doesn't complain, but it doesn't send the client certificate either.

score 1 · Answer 1 · answered Jul 13 '15 at 15:06

1

Short answer: The new version of CURL uses Apple's Secure Transport API now instead of the OpenSSL API and you'll need to use the P12 format for certificates.

See the write up here: http://curl.haxx.se/mail/archive-2013-10/0036.html

answered Jul 13 '15 at 15:06

Simon

11

Mac OS X Yosemite and Client SSL Certificates

1 Answers1