I'm trying to connect to SecureTransport 4.5.1 via FTPS using curl compiled with gnutls.
You need to use --ftp-alternative-to-user "SITE AUTH" per http://curl.haxx.se/mail/lib-2006-07/0068.html
Do you see anything wrong with my client certificates?
I try with
# mycert.crt
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
# mykey.pem
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
And it says "530 No client certificate presented":
myuser@myserver ~ $ curl -v --ftp-ssl --cert mycert.crt --key mykey.pem --ftp-alternative-to-user "SITE AUTH" -T helloworld.txt ftp://ftp.example.com:9876/upload/
* About to connect() to ftp.example.com port 9876 (#0)
* Trying 1.2.3.4... connected
* Connected to ftp.example.com (1.2.3.4) port 9876 (#0)
< 220 msn1 FTP server (SecureTransport 4.5.1) ready.
> AUTH SSL
< 334 SSLv23/TLSv1
* found 142 certificates in /etc/ssl/certs/ca-certificates.crt
> USER anonymous
< 331 Password required for anonymous.
> PASS [email protected]
< 530 Login incorrect.
> SITE AUTH
< 530 No client certificate presented.
* Access denied: 530
* Closing connection #0
curl: (67) Access denied: 530
I also tried with a pk8 version...
# openssl pkcs8 -in mykey.pem -topk8 -nocrypt > mykey.pk8
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
...but got exactly the same result.
What's the trick to sending a client certificate to SecureTransport?
The trick: Don't use GnuTLS. Make sure your cURL is compiled with OpenSSL, e.g.
I had previously recompiled cURL to use GnuTLS, but according to the mailing list GnuTLS is not very well supported.
Since I was on Gentoo, I got the default cURL back with
Finally, here's the command that works for me:
(Word to the wise: use ftp:// in the URL, not ftps://)