If your QualysGuard account is configured with SSL certificates for two factor authentication, you also need a certificate to make call to the API v1 and API v2.
Here is an example using "curl" that shows you how to use the certificates in a PEM format.
$ curl --cert ./cert.pem:my_passphrase -u "user:pass" "https://certs.qualysguard.qualys.com/msp/about.php"
$ curl --cert ./cert.pem:my_passphrase -u "user:pass" -H "X-Requested-With:curl" "https://certs.qualysguard.qualys.com/api/2.0/fo/scan/?action=list"
- The option --cert is used to indicate to curl where the certificate is located. In this example the file "cert.pem" is located in the current folder and the prefix "./" must be used
- Also, the certicate "cert.pem" must contain a private key protected with the pass phrase "my_passphrase" passed to curl as shown in the example
- -u "user:pass" is used to do basic authentication using the QualysGuard user names "user" and the password "pass"
- -H "X-Requested-With:curl" is the special HTTP header parameter required for any QualysGuard API v2 call.
- the URL for client certificate authentication is "https://certs.qualysguard.qualys.com"
Your certificate might be provided in a PKCS12 format (.p12 or .pfx file extension). Please use to following command to create a .pem certificate file:
$ openssl pkcs12 -in cert.p12 -out cert.pem -clcerts Enter Import Password: ******** ## enter the password used to protect the private key) MAC verified OK Enter PEM pass phrase: ********** ## enter your pass phrase to protect the private key in the new cert.pem file Verifying - Enter PEM pass phrase: **********
YOU MUST PROVIDE A PASS PHRASE AS SHOWN IN THE TWO LAST LINES. If you don't provide a passphrase, you will get the following curl error message:
curl: (58) unable to set private key file: 'cert.pem' type PEM