In my company, we are issued .p12 files and extract the certificate and private key like so:
openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes
These are now in PEM format, and when making any call to a web service, we must send the credentials like so:
with requests.Session() as s: s.cert = (cert_file_path, key_file_path) r = s.get(some_url, verify=False)
As I understand it, the CA generates a certifcate (and public key) along with the corresponding private key and packages these in a .p12 file. The certificate is signed using the CA’s private key, such that when sent, the certificate is proof that I am who I say I am as a trusted user. But why do I send the private key? Shouldn’t that be kept on my system?