cURL 与 NSS - 找不到证书

Question

I'm trying to cURL using a certificate stored in an NSS database, however while running the cURL command, it says the certificate cannot be found. Here is the list of the certs in my DB:

[root@localhost scripts]# certutil -L -d /nss

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Test User                                                     u,u,u
Test Root CA                                                 ,,   
Test SUBCA2                                                  ,,   

You can see the "Test User" cert is in there. I also confirmed that SSL_DIR is set to the DB directory:

[root@localhost scripts]# echo $SSL_DIR
/nss

However, when I run the cURL command:

[root@localhost etc]# curl -vk --cert "Test User" https://localhost:7446
* About to connect() to localhost port 7446 (#0)
*   Trying ::1... connected
* Connected to localhost (::1) port 7446 (#0)
* Initializing NSS with certpath: sql:/nss
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* NSS: client certificate not found: Test User
* NSS error -5938
* Closing connection #0
curl: (35) NSS: client certificate not found: Test User

Any reason why it can't find the cert?

Answer 1

I figured out the issue. It was a couple of issues.

When creating the database, I should have added the --empty-password flag:

certutil -N -d /nss --empty-password

Also, when adding the cert, I needed to add sql: before the NSS DB field:

pk12util -i cert.p12 -d sql:/nss