X509 Certificates in Keychain Scripting

How does one access an X509 Certificate in Keychain Scripting on 10.5.x and and 10.4.11? (Its going to be used in a lib curl call to an https URL and its a self signed certificate)

I’ve tried various methods using examples of code for accessing “Internet keys” but all attempts have failed.

Signed clueless

I am posting a reply to myself, again, for the future benefit of others. Here’s what I have discovered and got working to access an HTTPS site using libcurl:

  1. Curl requires ssl certificates to be in a PEM format.
  2. You must convert the SSL .cer format files to .pem format files using the “openssl” command in a terminal session:

openssl x509 -inform DES -in “path to input folder and certificate file.cer” -out “path to outputfolder and name.pem” -text

Then the following libcurl call to an https site will work:

curl --cacert posix path pemfilefolder and name.pem -o Desktop/outputfile.xml -u username:password https://abc.com/somefolder/some.aspx

Hope this helps others for the future.