I am testing a web service protected with mTLS. I have issued both client and server certificates (for testing purposes) and added the server certificate to the trust store.
The following command works on Ubuntu but not on CentOS 7:
curl --cert MY_CLIENT_CERTIFICATE.pem https://MY_URL
On CentOS 7 (cURL v. 7.29), it returns:
cURL error 35: sl error: you are attempting to import a cert with the same issuer/serial as an existing cert
Do I understand it correctly that cURL does not allow me to issue both client and server certificates using the same issuer? Is there a workaround?
2 Answers
Updating curl fixed the problem.
It is not about the same issuer but about the same issuer and serial number:
If the same serial number is used for different certificates issued by the same CA then the certificate issuing process is broken: different certificates issued by the same CA MUST have different serial numbers. You need to fix this process and not try to work around it.
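A way to check a test PKI for the condition the error reports is sketched below. This is an added example, not part of either answer: it reads the issuer and serial number straight out of the DER encoding and lists serials that one issuer has put on two different certificates. All function names are hypothetical, and the sample inputs are constructed DER skeletons (no key, no signature) standing in for the server and client certificates from the question.

```python
import base64, re
from collections import defaultdict

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        n = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + first

def issuer_serial(der):
    """Return (issuer Name bytes, serial as int) of a DER certificate."""
    _, cert, _ = tlv(der, 0)              # Certificate
    _, pos, _ = tlv(der, cert)            # tbsCertificate
    tag, start, end = tlv(der, pos)
    if tag == 0xA0:                       # optional [0] version
        tag, start, end = tlv(der, end)
    serial = int.from_bytes(der[start:end], "big")
    _, _, issuer_at = tlv(der, end)       # skip signature algorithm
    _, _, issuer_end = tlv(der, issuer_at)
    return der[issuer_at:issuer_end], serial

def pem_to_der(text):
    """Decode every CERTIFICATE block in a PEM bundle."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", text, re.S)
    return [base64.b64decode(b) for b in blocks]

def reused_issuer_serial(ders):
    """Serials shared by two or more different certificates of one issuer."""
    seen = defaultdict(set)
    for der in ders:
        seen[issuer_serial(der)].add(der)
    return sorted(serial for (_, serial), certs in seen.items() if len(certs) > 1)

# Constructed sample: DER skeletons (no key or signature), short lengths only.
def seq(*parts, tag=0x30):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def fake_cert(serial, subject):
    name = lambda cn: seq(seq(seq(b"\x06\x03\x55\x04\x03", seq(cn, tag=0x0C)), tag=0x31))
    tbs = seq(seq(b"\x02\x01\x02", tag=0xA0), seq(bytes([serial]), tag=0x02),
              seq(), name(b"Test CA"), name(subject))
    return seq(tbs)

SAMPLE = [fake_cert(1, b"server"), fake_cert(1, b"client"), fake_cert(2, b"other")]
```

For real files, pass the concatenated PEM text of the CA's issued certificates through `pem_to_der` and hand the result to `reused_issuer_serial`; the same certificate listed twice is not reported, only distinct certificates that share an issuer and serial.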