A recent project required the automated upload of a file to a TumbleWeed (now SecureTransport) server. The project uses a password-protected digital certificate for authentication. The file upload is being done from a linux host, so I can’t use the provided windows-only client. cURL to the rescue!
To get started, concatenate your private key and the public certificate as follows. Assuming that private key is in a file called “key.pem” and the certificate is held in “cert.pem”:
cat key.pem cert.pem > combined.pem
Now, to transfer the file, two commands will be used. The first command connects to the site and saves all cookies to a file.
curl -vv -c /tmp/cookie -E combined.pem:password https://host.destination.com/
The “-vv” option tells curl to increase the verbosity the messages it produces. This is useful for debugging and can be removed. The “-c” option tells curl to store the cookies sent from the host in a temporary file. The “-E” option tells curl what certificate to use for authentication – note that the file name is followed by a colon, then the password for the private key in that file. Also note that the filename specified is the combined private key/public cert that we created above. Finally, the host is the last parameter.
The second command connects to the site and echos back the cookie along with the other options to upload the file.
curl -vv -b /tmp/cookie -T outgoing/CEE090305.txt -E combined.pem:password https://host.destination.com/
The only difference in the second command is that we are telling curl to send back the cookies found in /tmp/cookie using the “-b” option. We also indicate that the file specified after the “-T” option should be sent using an http PUT. For this to work, be sure that the host parameter has a trailing slash (i.e. http://host.com/ instead of http://host.com).
Leave a Reply