I'm trying to access a third-party service via PHP curl on a Centos 6 system which comes with curl and libcurl compiled against NSS instead of OpenSSL.
This is causing problems for me, every time I try to access the service I get this error NSS: client certificate not found (nickname not specified).
My understanding is that I need to install the certificates in the NSS database.
I'm looking for step by step instructions on how to do this (keep in mind, I need this to work with PHP curl functions called from Nginx server)
Thanks
Try prefixing the certificate filename with "./", or using the full path. From the curl manpage:
If curl is built against the NSS SSL library then this option [--cert] can tell curl the nickname of the certificate to use within the NSS database defined by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (lib- nsspem.so) is available then PEM files may be loaded. If you want to use a file from the current directory, please precede it with "./" prefix, in order to avoid confusion with a nickname.
(emphasis mine)
Alternatively, some instructions for importing into the NSS certificate database are here, although I have not used them: http://rcritten.fedorapeople.org/nss_compat_ossl.html
I had the same issue on Centos 7. After debugging it was related to the the timeout.
So if you see this issue and use curl_setopt($curl, CURLOPT_TIMEOUT_MS, 300); Then check how long it takes. If it is around your timeout period. That is the problem and not related to any certificate.
I was expecting some timeout error from Curl in case of timeout but that doesn't seem to happen.
I got the same error message with curl when I entered the wrong password when trying to access a FTPS server which used simple password authentication. It had nothing to do with certificates.
来源:https://stackoverflow.com/questions/15773806/nss-client-certificate-not-found-nickname-not-specified