Jenkins and SSL certificates


Firstly my exposure and experience with certificates is limited so I am trying to use this as a learning experience as well as obtaining an answer.

Using Jenkins I would like to be able to make a curl request as part of my build that uses a certificate (.p12) to authenticate.

Example

curl --cert /Users/Jenkins/.jenkins/workspace/develop-pipeline/../certificates/dev_cert.p12:password https://jira.dev.organisation.co.uk:443/rest/api/2/issue/MYSTATS-1234

So I have a Desktop certificate (private key) which I have saved onto the machine where Jenkins runs, but I also understand that I need a CA certificate to authorise this private key (hope this is correct so far).

When I have run the curl command from the terminal on the Jenkins machine I had a popup that asked me did I want to use the cert within the keychain to authorise and I clicked always allow, so command line curl requests always work.

However when I run this as part of a Jenkins build I get

(58) SSL: Can't load the certificate "/Users/Jenkins/.jenkins/workspace/develop-pipeline/../certificates/dev_cert.p12" and its private key: OSStatus -25308

The path to the cert is correct as the directory structure is

develop-pipeline
certificates
  dev_cert.p12

What I don't understand is that if I don't provide a password

curl --cert /Users/Jenkins/.jenkins/workspace/develop-pipeline/../certificates/dev_cert.p12 https://jira.dev.organisation.co.uk:443/rest/api/2/issue/MYSTATS-1234

I get the message:

SSL The certificate "/Users/Jenkins/.jenkins/workspace/develop-pipeline/dev_cert.p12" requires a password

So it has found the certificate?

Also providing an incorrect password yields

 SSL: Incorrect password for the certificate "/Users/Jenkins/.jenkins/workspace/develop-pipeline/dev_cert.p12" and its private key.

What do I need to do to get this working?


There are 1 best solutions below


This GitHub comment helped me sort out the curl issue on OSX. So in my case installing curl via Homebrew with OpenSSL flags did the trick.
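
An added example, not part of the original answer: a pre-flight check that a Jenkins shell step could run before the request, reporting which TLS backend the curl on PATH actually uses. OSStatus -25308 from the question is errSecInteractionNotAllowed in Apple's Security framework, the status a non-interactive session gets when the keychain would need to prompt. The function names are hypothetical and the banners mentioned in the comments are constructed samples.

```shell
#!/bin/sh
# Added example: decide from curl's version banner whether a .p12 client
# certificate will be read by an OpenSSL-family backend or handed to
# Secure Transport (and therefore the macOS keychain).

# active_tls_backend BANNER
# BANNER is the first line of `curl --version`, e.g. (constructed):
#   curl 7.64.1 (x86_64-apple-darwin19.0) libcurl/7.64.1 (SecureTransport) LibreSSL/2.8.3
# MultiSSL builds print compiled-in but unselected backends in parentheses,
# so parenthesised tokens are skipped and the first bare backend wins.
active_tls_backend() {
  for token in $1; do
    case "$token" in
      "("*")") continue ;;                              # platform or inactive backend
      SecureTransport*) echo securetransport; return 0 ;;
      OpenSSL/*|LibreSSL/*|BoringSSL*) echo openssl-family; return 0 ;;
    esac
  done
  echo unknown
}

# check_curl_backend BANNER
# Returns 0 when the client certificate file is loaded without the keychain,
# 1 for Secure Transport, 2 when the backend is not recognised.
check_curl_backend() {
  backend=$(active_tls_backend "$1")
  case "$backend" in
    openssl-family)
      return 0 ;;
    securetransport)
      echo "curl uses Secure Transport: the .p12 identity goes through the" >&2
      echo "keychain, which cannot prompt in a non-interactive build." >&2
      echo "Use a curl linked against OpenSSL for this step." >&2
      return 1 ;;
    *)
      echo "Unrecognised TLS backend in: $1" >&2
      return 2 ;;
  esac
}

# Usage inside a Jenkins "Execute shell" step (not run here):
#   check_curl_backend "$(curl --version | head -n 1)" || exit 1
```

If a Homebrew curl is installed alongside the system one, call it by its full path in the build step so the check and the request use the same binary.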