curl is a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). The command is designed to work without user interaction.
1. Set the SSL_DIR environment variable to the path of your NSS database.
If the variable is not set, "/etc/pki/nssdb" is used.
2. You don't need to turn on NSS support explicitly; curl always uses NSS for SSL.
The SSL connection is usually initiated by accessing an "https://" URL.
3. Root CA certificates are read by default from "/etc/pki/tls/certs/ca-bundle.crt" in the PEM format. You can specify another CA certificate (or bundle) by curl's option --cacert. The mandatory argument is then a PEM file containing CA certificate(s).
4. You can also access https URLs protected by a client certificate.
If you don't specify the certificate manually, NSS tries to select the right one from the NSS database automatically. You can specify its nickname with curl's option --cert.
- NOTE: You can try to set SSL_DIR to another database to search the certificates in, e.g. the database used by Firefox.
5. With curl's option --cert you can also specify a PEM file containing the client certificate. This should be sufficient if the key is embedded in the cert.
6. To specify a bare key use curl's option --key. The mandatory argument is a PEM file containing the key. If the key is protected by a pass-phrase, you can give it by curl's option --pass.
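
The choices in steps 1 and 4 to 6, as an added shell example (not from the original page): it resolves the NSS database directory and decides which client-certificate options to pass, checking whether a PEM file given to --cert really contains a key. The function names and sample files are hypothetical, and treating any --cert value that is not an existing file as a nickname is an assumption of this sketch.

```shell
#!/bin/sh
# Added example; file names and the nickname are constructed sample values.

# Step 1: NSS database directory, with the documented default.
nss_db_dir() {
    printf '%s\n' "${SSL_DIR:-/etc/pki/nssdb}"
}

# Step 5: a PEM file is sufficient alone only if it also holds a key block.
pem_has_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Print the curl options for a client certificate, one per line.
#   $1 = NSS nickname or path to a PEM certificate
#   $2 = optional path to a PEM key file (step 6)
# Returns 2 if a PEM certificate has no embedded key and no key file is given.
client_cert_args() {
    cert=$1
    key=${2:-}
    if [ ! -f "$cert" ]; then
        # Assumption: not an existing file, so treat it as an NSS nickname.
        printf '%s\n' "--cert" "$cert"
    elif [ -n "$key" ]; then
        printf '%s\n' "--cert" "$cert" "--key" "$key"
    elif pem_has_key "$cert"; then
        printf '%s\n' "--cert" "$cert"
    else
        echo "error: $cert has no private key; supply a key file for --key" >&2
        return 2
    fi
}

# Demo on constructed files that contain PEM markers only, no real material.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' '-----END CERTIFICATE-----' \
    > "$demo/cert.pem"
echo "NSS database: $(nss_db_dir)"
client_cert_args "$demo/cert.pem" || echo "status $? (key missing)"
client_cert_args "$demo/cert.pem" "$demo/key.pem"
rm -rf "$demo"
```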