sebastienblanc/gist:fcb777fa6615edfc010e5b0c35802deb

## gistfile1.txt
 curl --cacert server-cert.pem --cert client-keystore.p12 -v --data "client_id=x509client&username=seb&password=seb&grant_type=password" https://localhost:8443/auth/realms/master/protocol/openid-connect/token | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8443 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: server-cert.pem
  CApath: none
* warning: certificate file name "client-keystore.p12" handled as nickname; please use "./client-keystore.p12" to force file name
* NSS: client certificate not found: client-keystore.p12
* ALPN, server accepted to use h2
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* 	subject: CN=localhost,OU=Keycloak,O=JBoss,L=Red Hat,ST=World,C=WW
* 	start date: Jul 30 12:53:19 2018 GMT
* 	expire date: Oct 28 12:53:19 2018 GMT
* 	common name: localhost
* 	issuer: CN=localhost,OU=Keycloak,O=JBoss,L=Red Hat,ST=World,C=WW
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5592c9ffc010)
> POST /auth/realms/master/protocol/openid-connect/token HTTP/2
> Host: localhost:8443
> User-Agent: curl/7.53.1
> Accept: */*
> Content-Length: 66
> Content-Type: application/x-www-form-urlencoded
>
} [66 bytes data]
* We are completely uploaded and fine
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 401
< content-type: application/json
< content-length: 85
< date: Mon, 30 Jul 2018 13:10:10 GMT
<
{ [85 bytes data]
100   151  100    85  100    66    692    537 --:--:-- --:--:-- --:--:--   696
* Connection #0 to host localhost left intact
{
  "error_description": "X509 client certificate is missing.",
  "error": "invalid_request"
}
	curl --cacert server-cert.pem --cert client-keystore.p12 -v --data "client_id=x509client&username=seb&password=seb&grant_type=password" https://localhost:8443/auth/realms/master/protocol/openid-connect/token \| jq
	% Total % Received % Xferd Average Speed Time Time Time Current
	Dload Upload Total Spent Left Speed
	0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying ::1...
	* TCP_NODELAY set
	* connect to ::1 port 8443 failed: Connection refused
	* Trying 127.0.0.1...
	* TCP_NODELAY set
	* Connected to localhost (127.0.0.1) port 8443 (#0)
	* Initializing NSS with certpath: sql:/etc/pki/nssdb
	* CAfile: server-cert.pem
	CApath: none
	* warning: certificate file name "client-keystore.p12" handled as nickname; please use "./client-keystore.p12" to force file name
	* NSS: client certificate not found: client-keystore.p12
	* ALPN, server accepted to use h2
	* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	* Server certificate:
	* subject: CN=localhost,OU=Keycloak,O=JBoss,L=Red Hat,ST=World,C=WW
	* start date: Jul 30 12:53:19 2018 GMT
	* expire date: Oct 28 12:53:19 2018 GMT
	* common name: localhost
	* issuer: CN=localhost,OU=Keycloak,O=JBoss,L=Red Hat,ST=World,C=WW
	* Using HTTP2, server supports multi-use
	* Connection state changed (HTTP/2 confirmed)
	* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
	* Using Stream ID: 1 (easy handle 0x5592c9ffc010)
	> POST /auth/realms/master/protocol/openid-connect/token HTTP/2
	> Host: localhost:8443
	> User-Agent: curl/7.53.1
	> Accept: /
	> Content-Length: 66
	> Content-Type: application/x-www-form-urlencoded
	>
	} [66 bytes data]
	* We are completely uploaded and fine
	* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
	< HTTP/2 401
	< content-type: application/json
	< content-length: 85
	< date: Mon, 30 Jul 2018 13:10:10 GMT
	<
	{ [85 bytes data]
	100 151 100 85 100 66 692 537 --:--:-- --:--:-- --:--:-- 696
	* Connection #0 to host localhost left intact
	{
	"error_description": "X509 client certificate is missing.",
	"error": "invalid_request"
	}