From https://curl.haxx.se/docs/httpscripting.html
In the HTTPS world, you use certificates to validate that you are the one you claim to be, as an addition to normal passwords. Curl supports client- side certificates. All certificates are locked with a pass phrase, which you need to enter before the certificate can be used by curl. The pass phrase can be specified on the command line or if not, entered interactively when curl queries for it. Use a certificate with curl on a HTTPS server like:
curl --cert mycert.pem https://secure.example.comcurl also tries to verify that the server is who it claims to be, by verifying the server's certificate against a locally stored CA cert bundle. Failing the verification will cause curl to deny the connection. You must then use --insecure (-k) in case you want to tell curl to ignore that the server can't be verified. More about server certificate verification and ca cert bundles can be read in the SSLCERTS document, available online here: https://curl.haxx.se/docs/sslcerts.html
At times you may end up with your own CA cert store and then you can tell curl to use that to verify the server's certificate:
curl --cacert ca-bundle.pem https://example.com/
What HTTP request and response headers do curl --cert and curl --cacert read and write?
Thanks.

