How to use cURL to FTPS upload to SecureTransport (hint: SITE AUTH and client certificates)

Posted by Seamus Abshere on Server Fault
Published on 2011-11-02T02:56:25Z

I'm trying to connect to SecureTransport 4.5.1 via FTPS using curl compiled with gnutls.

You need to use --ftp-alternative-to-user "SITE AUTH" per http://curl.haxx.se/mail/lib-2006-07/0068.html

Do you see anything wrong with my client certificates?

I tried with:

# mycert.crt
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----


# mykey.pem
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

And it says "530 No client certificate presented":

myuser@myserver ~ $ curl -v --ftp-ssl --cert mycert.crt  --key mykey.pem  --ftp-alternative-to-user "SITE AUTH" -T helloworld.txt ftp://ftp.example.com:9876/upload/
* About to connect() to ftp.example.com port 9876 (#0)
*   Trying 1.2.3.4... connected
* Connected to ftp.example.com (1.2.3.4) port 9876 (#0)
< 220 msn1 FTP server (SecureTransport 4.5.1) ready.
> AUTH SSL
< 334 SSLv23/TLSv1
* found 142 certificates in /etc/ssl/certs/ca-certificates.crt
> USER anonymous
< 331 Password required for anonymous.
> PASS [email protected]
< 530 Login incorrect.
> SITE AUTH
< 530 No client certificate presented.
* Access denied: 530
* Closing connection #0

curl: (67) Access denied: 530

I also tried with a pk8 version...

# openssl pkcs8 -in mykey.pem -topk8 -nocrypt > mykey.pk8
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

...but got exactly the same result.

What's the trick to sending a client certificate to SecureTransport?

© Server Fault or respective owner
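
An added example, not part of the original post and not code from curl or SecureTransport: a pre-flight check that a PEM certificate and key file carry the expected labels and that the private key belongs to the certificate, before handing them to `--cert` and `--key`. It assumes the `openssl` command-line tool is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks on a PEM client certificate and key pair.
# Function names are hypothetical; requires the openssl CLI.

# Print the label of the first PEM block in a file, e.g. "CERTIFICATE".
pem_label() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | head -n 1
}

# Return 0 only if the labels look right and the key belongs to the cert.
check_pair() {
    cert=$1 key=$2

    if [ "$(pem_label "$cert")" != "CERTIFICATE" ]; then
        echo "$cert: first PEM block is not a certificate" >&2
        return 1
    fi

    # Accept unencrypted PKCS#1, PKCS#8 and SEC1 private key labels.
    case "$(pem_label "$key")" in
        "RSA PRIVATE KEY"|"PRIVATE KEY"|"EC PRIVATE KEY") ;;
        *)
            echo "$key: label '$(pem_label "$key")' is not an unencrypted private key" >&2
            return 1 ;;
    esac

    # Extract the public key from each file; a parse failure is an error,
    # so two unreadable files can never compare as equal.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "$cert: cannot parse certificate" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "$key: cannot parse private key" >&2; return 1; }

    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi
    return 0
}

# Usage: sh check_pair.sh mycert.crt mykey.pem
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2" && echo "OK: key matches certificate"
fi
```

A PKCS#1 key and its PKCS#8 conversion derive the same public key, so both pass against the same certificate; a key file whose first PEM block is labelled `CERTIFICATE` is rejected at the label check.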
