ssl - Getting (58) unable to use client certificate (no key found or wrong pass phrase?) from curl -

i'm attempting make test calls third-party api requires client cert. generated new cert using command openssl:

req -new -newkey rsa:2048 -nodes -out mycsr.csr -keyout mykey.key 

i sent them csr, , sent me mycert.crt. concatenated cert , key together:

cat mycert.crt mykey.key > mycertandkey.pem 

finally, added mycert.crt ca-certificates folder , ca-certificates.conf , ran "update-ca-certificates --fresh".

now, i'm trying make curl call bash using following command:

curl -x --cert mycertandkey.pem -h 'accept-encoding: gzip,deflate' -h 'content-type: application/json' https://api.url.com 

i've tried:

curl -x --cert mycertandkey.pem --cacert mycert.crt -h 'accept-encoding: gzip,deflate' -h 'content-type: application/json' https://api.url.com 

and:

curl -x --cert mycertandkey.pem --cacert mycert.crt --key mykey.key -h 'accept-encoding: gzip,deflate' -h 'content-type: application/json' https://api.url.com 

and every other combination can think of. error "curl: (58) unable use client certificate (no key found or wrong pass phrase?)". key doesn't have passphrase. of cert/key files have 777 permissions.

i haven't worked certs in past , feel i've missed something, since seem have 1 cert. cert other company sent me cacert or client cert? did concatenate private key wrong cert?

i've found lot of piecemeal information online, if knows of tutorial on subject, i'd appreciate well.

adding pass phrase private key solved problem.

i used following command add passphrase:

ssh-keygen -p -f mykey.key 

before run command successfully, needed change permissions on key file. 777 not restrictive enough, , ssh-keygen not touch it. changing permissions 600 fixed that.

chmod 600 mykey.key 

after adding passphrase, recreated .pem file. can make curl calls using command:

curl -x --cert mycertandkey.pem:mypassphrase -h 'accept-encoding: gzip,deflate' -h 'content-type: application/json' https://api.url.com