sebastienblanc · July 30, 2018 13:11
diff --git a/gistfile1.txt b/gistfile1.txt
 curl --cacert server-cert.pem --cert client-keystore.p12 -v --data "client_id=x509client&username=seb&password=seb&grant_type=password" https://localhost:8443/auth/realms/master/protocol/openid-connect/token | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying ::1...
 * TCP_NODELAY set
 * connect to ::1 port 8443 failed: Connection refused
 *   Trying 127.0.0.1...
 * TCP_NODELAY set
 * Connected to localhost (127.0.0.1) port 8443 (#0)
 * Initializing NSS with certpath: sql:/etc/pki/nssdb
 *   CAfile: server-cert.pem
  CApath: none
 * warning: certificate file name "client-keystore.p12" handled as nickname; please use "./client-keystore.p12" to force file name
 * NSS: client certificate not found: client-keystore.p12
 * ALPN, server accepted to use h2
 * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 * Server certificate:
 * 	subject: CN=localhost,OU=Keycloak,O=JBoss,L=Red Hat,ST=World,C=WW
 * 	start date: Jul 30 12:53:19 2018 GMT
 * 	expire date: Oct 28 12:53:19 2018 GMT
 * 	common name: localhost
 * 	issuer: CN=localhost,OU=Keycloak,O=JBoss,L=Red Hat,ST=World,C=WW
 * Using HTTP2, server supports multi-use
 * Connection state changed (HTTP/2 confirmed)
 * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
 * Using Stream ID: 1 (easy handle 0x5592c9ffc010)
 > POST /auth/realms/master/protocol/openid-connect/token HTTP/2
 > Host: localhost:8443
 > User-Agent: curl/7.53.1
 > Accept: */*
 > Content-Length: 66
 > Content-Type: application/x-www-form-urlencoded
 > 
 } [66 bytes data]
 * We are completely uploaded and fine
 * Connection state changed (MAX_CONCURRENT_STREAMS updated)!
 < HTTP/2 401 
 < content-type: application/json
 < content-length: 85
 < date: Mon, 30 Jul 2018 13:10:10 GMT
 < 
 { [85 bytes data]
 100   151  100    85  100    66    692    537 --:--:-- --:--:-- --:--:--   696
 * Connection #0 to host localhost left intact
 {
  "error_description": "X509 client certificate is missing.",
  "error": "invalid_request"
 }
	curl --cacert server-cert.pem --cert client-keystore.p12 -v --data "client_id=x509client&username=seb&password=seb&grant_type=password" https://localhost:8443/auth/realms/master/protocol/openid-connect/token \| jq
	% Total % Received % Xferd Average Speed Time Time Time Current
	Dload Upload Total Spent Left Speed
	0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying ::1...
	* TCP_NODELAY set
	* connect to ::1 port 8443 failed: Connection refused
	* Trying 127.0.0.1...
	* TCP_NODELAY set
	* Connected to localhost (127.0.0.1) port 8443 (#0)
	* Initializing NSS with certpath: sql:/etc/pki/nssdb
	* CAfile: server-cert.pem
	CApath: none
	* warning: certificate file name "client-keystore.p12" handled as nickname; please use "./client-keystore.p12" to force file name
	* NSS: client certificate not found: client-keystore.p12
	* ALPN, server accepted to use h2
	* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	* Server certificate:
	* subject: CN=localhost,OU=Keycloak,O=JBoss,L=Red Hat,ST=World,C=WW
	* start date: Jul 30 12:53:19 2018 GMT
	* expire date: Oct 28 12:53:19 2018 GMT
	* common name: localhost
	* issuer: CN=localhost,OU=Keycloak,O=JBoss,L=Red Hat,ST=World,C=WW
	* Using HTTP2, server supports multi-use
	* Connection state changed (HTTP/2 confirmed)
	* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
	* Using Stream ID: 1 (easy handle 0x5592c9ffc010)
	> POST /auth/realms/master/protocol/openid-connect/token HTTP/2
	> Host: localhost:8443
	> User-Agent: curl/7.53.1
	> Accept: /
	> Content-Length: 66
	> Content-Type: application/x-www-form-urlencoded
	>
	} [66 bytes data]
	* We are completely uploaded and fine
	* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
	< HTTP/2 401
	< content-type: application/json
	< content-length: 85
	< date: Mon, 30 Jul 2018 13:10:10 GMT
	<
	{ [85 bytes data]
	100 151 100 85 100 66 692 537 --:--:-- --:--:-- --:--:-- 696
	* Connection #0 to host localhost left intact
	{
	"error_description": "X509 client certificate is missing.",
	"error": "invalid_request"
	}