--cert¶
Use the specified client certificate file when getting a file with HTTPS, FTPS or another SSL-based protocol. The certificate must be PEM format. If the optional password is not specified, it is queried for on the terminal. Note that this option assumes a certificate file that is the private key and the client certificate concatenated. See --cert and --key to specify them independently.
In the \<certificate> portion of the argument, you must escape the character
: as \: so that it is not recognized as the password delimiter. Similarly,
you must escape the double quote character as \" so that it is not recognized
as an escape character.
If curl is built against OpenSSL, and the engine pkcs11 or pkcs11
provider is available, then a PKCS#11 URI (RFC 7512) can be used to specify a
certificate located in a PKCS#11 device. A string beginning with pkcs11: is
interpreted as a PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine
option is set as pkcs11 if none was provided and the --cert-type option is
set as ENG or PROV if none was provided (depending on OpenSSL version).
If curl is built against GnuTLS, a PKCS#11 URI can be used to specify
a certificate located in a PKCS#11 device. A string beginning with pkcs11:
is interpreted as a PKCS#11 URI.
(Schannel) Client certificates must be specified by a path expression to a certificate store. (Loading PFX is not supported; you can import it to a store first). You can use "\<store location>\<store name>\<thumbprint>" to refer to a certificate in the system certificates store, for example, "CurrentUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is usually a SHA-1 hex string which you can see in certificate details. Following store locations are supported: CurrentUser, LocalMachine, CurrentService, Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy and LocalMachineEnterprise.