curl with sso certificates or how to test REST Services
6. 10. 2020
During agile development it is always challenge to keep the tooling simple and flexible. We need often test our or others REST services and installing tools such a postman or soap UI is not always the flexible and quick option. It takes hours to make either postman or soap ui properly working, have all options make work. There is also challenge to test available services for analyse or design purposes.
Good option is synthetize the request with curl. In the grown mature enterprise IT architecture the services are always protected with authentication and with https protocol. Here comes the challenge. For REST services the user is crucial to obtain correct responsibilities and roles to obtain right data etc.
As we coped with this challenge to prepare curl request which can be spread through the team we have struggled to make sso certificates work with curl.
Our case was to use certificate which is installed in the windows , export it and make it work with curl. Here are the steps to be done :
- Export the certificate from windows using : Type in start : Manage user certificates
- Go to Personal -> Certificates All Tasks -> Export
- Choose PKCS #12 format (.pfx), do not choose delete the private key
- You have cert.pfx
- for the curl you need the pem format of certificate and separate certificate for ca certificate , client certificate, key in rsa format, so you need openssl to convert it. My example was tested in Linux RHEL6
openssl pkcs12 -in cert.pfx -out ca.pem -cacerts -nokeys
openssl pkcs12 -in cert.pfx -out client.pem -clcerts -nokeys
openssl pkcs12 -in cert.pfx -nocerts -nodes -passin pass:1234 | openssl rsa -out privkey.pem
Now you have 3 files ca.pem, client.pem and privkey.pem in rsa format. Now you can prepare your curl request . Execute the request from the directory where you have these 3 generated files
curl -k -v --insecure --cert ./client.pem:1234 --key ./privkey.pem -X POST -H 'Content-Type: application/json' -d '{"body":{"key": "55555"}}' 'https://testurl/service/RESTService/GetCustomers'
Optionally you can use ca certificate
curl -k -v --cacert ca.pem --cert ./client.pem:1234 --key ./privkey.pem -X POST -H 'Content-Type: application/json' -d '{"body":{"key": "55555"}}' 'https://testurl/service/RESTService/GetCustomers'
This is a result of many hours research and test and fail approach. It is not very well documented. Option k is to skip validation of certificates, privkey has to be in rsa format and don‘t forget to put after --cert filename the keystore password after :.
Create and share your test and enjoy , go and develop your interface.
Back to Blog