Skip to content


FIXME: This does not work on CentOS 7. Possible since curl is built against libnss and not OpenSSL. Doesn't handle proxy-certificates?

This guide outlines the procedure for using cURL to access files through the WebDav door of dCache.

Essential parameters

--capath /etc/grid-security/certificates

The certificate bundle provided through --capath is required in order for cURL to accept the server certificates the door presents. If the certificate bundle is not available, the -k flag may be passed to allow untrusted server certificates.

--cert /tmp/x509up_u1234

--cert (or -E) names the proxy certificate generated by arcproxy or similar tools, which is a single PEM file consisting of the client certificate, the proxy key and the proxy certificate. The name will vary based on the user issuing it. grid-proxy-init or arcproxy will put the certificate in /tmp by default and name it according to the pattern x509up_u<NumericUID>.


--location (or -L) instructs cURL to follow HTTP redirects, in this case the 302 redirects that the dCache door uses to direct clients to different storage nodes.


Since sslv3 Version is disabled on servers due to POODLE: SSLv3 vulnerability (CVE-2014-3566) but some of the cURL Versions are trying to connect to SSLv3 instead of TLS and failing to connect to with an error along the lines of curl: (35) Unknown SSL protocol error in connection to .... So this parameter is recommended to be used with cURL till the problem is solved.

Other parameters


Write output to a local file named like the remote file we get (only the file part of the remote file is used, the path is cut off). The file will be saved in the current working directory.

-T ~/source.file

This transfers the specified local file to the remote URL. If there is no file part in the specified URL (ends with a /), curl will append the local file name.

Sample invocations

Downloads the file 'file-to-download.txt':

curl --tlsv1.3 --location --capath /etc/grid-security/certificates --cert /tmp/x509up_u1234 -O

Upload the file source.file as 'uploaded.txt':

curl --tlsv1.3 --location --capath /etc/grid-security/certificates --cert /tmp/x509up_u1234 -T ~/source.file
Back to top