1--- 2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3SPDX-License-Identifier: curl 4Title: CURLOPT_SSLCERT 5Section: 3 6Source: libcurl 7See-also: 8 - CURLOPT_KEYPASSWD (3) 9 - CURLOPT_SSLCERTTYPE (3) 10 - CURLOPT_SSLKEY (3) 11Protocol: 12 - TLS 13TLS-backend: 14 - OpenSSL 15 - GnuTLS 16 - mbedTLS 17 - Schannel 18 - Secure Transport 19 - wolfSSL 20--- 21 22# NAME 23 24CURLOPT_SSLCERT - SSL client certificate 25 26# SYNOPSIS 27 28~~~c 29#include <curl/curl.h> 30 31CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLCERT, char *cert); 32~~~ 33 34# DESCRIPTION 35 36Pass a pointer to a null-terminated string as parameter. The string should be 37the filename of your client certificate. The default format is `P12` on Secure 38Transport and `PEM` on other engines, and can be changed with 39CURLOPT_SSLCERTTYPE(3). 40 41With Secure Transport, this can also be the nickname of the certificate you 42wish to authenticate with as it is named in the security database. If you want 43to use a file from the current directory, please precede it with `./` prefix, 44in order to avoid confusion with a nickname. 45 46(Schannel only) Client certificates can be specified by a path expression to a 47certificate store. (You can import *PFX* to a store first). You can use 48"\<store location\>\\\<store name\>\\\<thumbprint\>" to refer to a certificate 49in the system certificates store, for example, 50**"CurrentUser\\MY\\934a7ac6f8a5d579285a74fa"**. The thumbprint is usually a 51SHA-1 hex string which you can see in certificate details. Following store 52locations are supported: **CurrentUser**, **LocalMachine**, 53**CurrentService**, **Services**, **CurrentUserGroupPolicy**, 54**LocalMachineGroupPolicy**, **LocalMachineEnterprise**. Schannel also support 55P12 certificate file, with the string `P12` specified with 56CURLOPT_SSLCERTTYPE(3). 57 58When using a client certificate, you most likely also need to provide a 59private key with CURLOPT_SSLKEY(3). 60 61The application does not have to keep the string around after setting this 62option. 63 64# DEFAULT 65 66NULL 67 68# EXAMPLE 69 70~~~c 71int main(void) 72{ 73 CURL *curl = curl_easy_init(); 74 if(curl) { 75 CURLcode res; 76 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); 77 curl_easy_setopt(curl, CURLOPT_SSLCERT, "client.pem"); 78 curl_easy_setopt(curl, CURLOPT_SSLKEY, "key.pem"); 79 curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "s3cret"); 80 res = curl_easy_perform(curl); 81 curl_easy_cleanup(curl); 82 } 83} 84~~~ 85 86# AVAILABILITY 87 88If built TLS enabled. 89 90# RETURN VALUE 91 92Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or 93CURLE_OUT_OF_MEMORY if there was insufficient heap space. 94