转自：https://curl.haxx.se/mail/archive-2005-09/0138.html

Greetings CURL users!

I just subscribed to the list and would like to share a problem and it's
solution, after a couple of hours working around it... I was going to write
to the list for help ;)

I was having problems using Curl to connect to a https server using a client
certificate. I believe i was doing everything by the book, but somehow Curl
kept complaining about the private key file.

1) I had a PKCS#12 file which contained the CA and Client certificates and
the private key: "MULTICERT.p12"

2) I convert it to PEM format with:
openssl pkcs12 -in MULTICERT.p12 -out cert.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

and the file cert.pem was created with all the certificates and the private
key (i used "xxxxxx" for the PEM pass phrase).

3) However when i used Curl to connect to the https server

curl -d "var1=value1&var2=value2&..." -G -v --cert cert.pem:xxxxxx
https://www.somesite.com/page
* About to connect() to www.somesite.com port 443
* Trying 123.123.123.123... * connected
* Connected to www.somesite.com (123.123.123.123) port 443
* unable to set private key file: 'cert.pem' type PEM

* Closing connection #0
curl: (58) unable to set private key file: 'cert.pem' type PEM

4) So then i tried to put the CA certificate, Client Certificate and Private
Key in separate files:
openssl pkcs12 -in MULTICERT.p12 -out ca.pem -cacerts -nokeys
openssl pkcs12 -in MULTICERT.p12 -out client.pem -clcerts -nokeys
openssl pkcs12 -in MULTICERT.p12 -out key.pem -nocerts

and then i tried Curl again:

curl -d "var1=value1&var2=value2&..." -G -v --key key.pem --cacert
ca.pem --cert client.pem:xxxxxx https://www.somesite.com/page

and it worked!!! :)

Still don't know why the first method - having everything in one cert file -
didn't work...!?
Maybe the proivate key was'nt on the right order...

Well, anyway, hope this helps anyone

Cheers!