Have worked out the script, indeed the --cert-type must be present on the right place.
P.S. on Mac platform curl is known to give problems due to the certificates, the best workaround for me was to run the script from a linux docker container.
#Personal configuration :setup secrets
# ProofofConcept shellscript to interact for nb-iot with OceanConnect
# v0.1 20171029WalterT
# v0.2 20171122belooussov
# NB: minimal errorchecking
#Personal configuration :setup secrets
APPID=TYPE_YOUR_APP_ID_HERE
SECRET=TYPE_YOUR_SECRET_KEY_HERE
# Generic configuration
# onetime creation of pem file by concatenating the two original files
# file should be located in the directory from which the script is run
#
# cat outgoing.CertwithKey.key > 1.pem
# cat outgoing.CertwithKey.crt >> 1.pem
KEY=accessToken
#######################################
# login and populate TOKEN variable #
#######################################
TOKEN=`/usr/bin/curl -k -X POST https://160.44.201.248:8743/iocm/app/sec/v1.1.0/login \
-d "appId=$APPID&Secret=$SECRET" \
--cert-type PEM \
--cert ./1.pem \
--header 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' 2>/dev/null | /usr/bin/awk -F"[,:{}]" '{for(i=1;i<=NF;i++){if($i~/'$KEY'\042/){print $(i+1)}}}' | tr -d '"'`
#echo "*******************************************"
#echo $TOKEN
#echo "*******************************************"
if [ -z "$TOKEN" ]; then
echo "login failed\n\n"
exit 1
fi
#################
# getdevices #
#################
curl -k -X GET https://160.44.201.248:8743/iocm/app/dm/v1.1.0/devices?pageNo=0 \
-d "appId=$APPID&Secret=$SECRET" \
--cert-type PEM \
--cert ./1.pem \
-H "app_key: $APPID" \
-H "authorization: Bearer $TOKEN" \
-H 'cache-control: no-cache' \
-H 'content-type: application/json'