I'm attempting to make test calls to a third-party API that requires a client cert. I generated a new cert using this command with openssl:

req -new -newkey rsa:2048 -nodes -out mycsr.csr -keyout mykey.key

I then sent them the csr, and they sent me back mycert.crt. I concatenated the cert and the key together:

cat mycert.crt mykey.key > mycertandkey.pem

Finally, I added mycert.crt to the ca-certificates folder and ca-certificates.conf and ran "update-ca-certificates --fresh".

Now, I'm trying to make curl call from bash using the following command:

curl -X GET --cert mycertandkey.pem -H 'Accept-Encoding: gzip,deflate' -H 'Content-Type: application/json' https://api.URL.com

I've also tried:

curl -X GET --cert mycertandkey.pem --cacert mycert.crt -H 'Accept-Encoding: gzip,deflate' -H 'Content-Type: application/json' https://api.URL.com

and:

curl -X GET --cert mycertandkey.pem --cacert mycert.crt --key mykey.key -H 'Accept-Encoding: gzip,deflate' -H 'Content-Type: application/json' https://api.URL.com

And every other combination I can think of. I always get the error "curl: (58) unable to use client certificate (no key found or wrong pass phrase?)". The key doesn't have a passphrase. All of the cert/key files have 777 permissions.

I haven't worked much with certs in the past and I feel like I've missed something, especially since I seem to have only one cert. Is the cert that the other company sent me a cacert or is it my client cert? Did I concatenate the private key to the wrong cert?

I've found a lot of piecemeal information about this online, but if anyone knows of a good tutorial on this subject, I'd really appreciate that as well.