Date: Tue, 7 Apr 2015 20:53:44 -0400
From: el kalin <kalin@el.net>
To: Dan Lukes <dan@obluda.cz>, freebsd-security@freebsd.org, freebsd-users@freebsd.org
Subject: Re: openssl certificates
Message-ID: <CAMJXocnd6im0_umgmRkLSL1QS4Fi=P0SW_P9MD7QzdZmJDEWeQ@mail.gmail.com>
In-Reply-To: <552479C4.4030108@obluda.cz>
References: <CAMJXocmzU6be4PXpdn9pf%2BVdOdsXwYkSZHM-Q1iZC-Vah7%2B7Qw@mail.gmail.com> <5524525D.50500@obluda.cz> <CAMJXocn6UeL72EcyvOo%2BoHxN=-VNjQVowK=7zitgPC5pAW5sVg@mail.gmail.com> <55245C8B.3020303@obluda.cz> <CAMJXoc=OMDP-Y96Lhebd-NfmUqzy_qFCpbskNG1ie0snGtm1=A@mail.gmail.com> <552479C4.4030108@obluda.cz>

On Tue, Apr 7, 2015 at 8:43 PM, Dan Lukes <dan@obluda.cz> wrote:

> el kalin wrote:
> > thanks dan… i have added the certs to the ca-root-nss.crt. it still
> > doesn't help much in my case.
>
> You didn't describe your issue in the original post.
>
> > the problem really is that i can not get any https requests from a freebsd
> > 10 box using a third party signed certificate with my private key and their
> > ca certs to work. mostly testing with wget on the command line (it's a
> > remote machine) like:
> >
> > wget --verbose --no-cookies --certificate=local.pem \
> >   --ca-certificate=/usr/local/share/ca-root-nss.crt \
> >   "https://domain.org/soapservice.asmx?WSDL"
>
> Well ...
>
> 1. wget is a third party utility, not the native FreeBSD one, so if it is
> wget's issue, you should ask wget's authors/support team. But don't
> forget local.pem should contain the private key as well as the certificate.

they are both together - the signed certificate and the key...

> > this is for a soap call. and the local.pem is a conversion from a pkcs12
> > file. every time i do that i get:
> > HTTP request sent, awaiting response... 405 Method Not Allowed
> >
> > does that mean that the web server actually verified the certificate and
> > the problem is coming from the soap server application?
>
> 2. we don't know the true reason for the "405 Method Not Allowed" response.
> It has nothing to do with FreeBSD. It's a matter of either the configuration
> of the HTTP server software (another third party application) or the SOAP
> application. It may or may not be related to a certificate. The
> administrator of the www server/SOAP application in question should help
> you. We are unable to disclose a reason for particular behavior of an
> unknown SOAP application.
>
> For example, you may be using the wrong HTTP method to access the application
> (just an idea derived from the error message).

i think it's just GET. like firefox does.

> > i am able to make successful requests to retrieve the wsdl using firefox
> > after importing the signed certificate…
>
> Maybe it is using the correct method? Just guessing ...
>
> > also when i test the certificates against the server with:
> >
> > openssl s_client -cert local.pem -connect domain.org:443 \
> >   -CAfile /usr/local/share/ca-root-nss.crt -debug
> >
> > i get to:
> >
> > Timeout : 300 (sec)
> > Verify return code: 0 (ok)
> > ---
> >
> > and then it just hangs, nothing happens - there is no prompt back…
>
> What kind of prompt are you wishing for? You ordered a connection to the
> HTTPS server. You got it. Now you need to write an HTTP/SOAP request.
> Then you can wish for a response.
>
> I can't tell you the SOAP request format. There's nothing like a generic
> SOAP request. It's a matter of the application in question. Consult its
> documentation or ask the author.

thank you. i think i have an idea of where to look for the answers next.
appreciate your replies...
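
The point made in the reply above (a verified TLS session is only the transport, and the HTTP request still has to be written onto it) as an added Python example that is not part of the original message: `fetch` performs the handshake with the client certificate and then sends one GET, so a certificate failure surfaces as an exception while a 405 comes back as a parsed status. The function names and the `Accept` header are choices made for this example.

```python
# Added example: separates the TLS result from the HTTP result.
import socket
import ssl
import sys


def build_get(host, path):
    """Minimal HTTP/1.1 GET; Connection: close makes the server end the session."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Accept: */*\r\nConnection: close\r\n\r\n").encode("ascii")


def parse_status(raw):
    """Return (status_code, reason, allow_header) from raw response bytes."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    reason = parts[2] if len(parts) == 3 else ""
    return int(parts[1]), reason, headers.get("allow")


def fetch(host, path, client_pem, ca_file, port=443, timeout=10):
    """TLS handshake with a client certificate, then one GET over that session."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verifies the server chain
    ctx.load_cert_chain(client_pem)                   # PEM holding cert + private key
    with socket.create_connection((host, port), timeout=timeout) as tcp:
        with ctx.wrap_socket(tcp, server_hostname=host) as tls:
            # Getting here corresponds to "Verify return code: 0 (ok)" in s_client.
            tls.sendall(build_get(host, path))
            chunks = []
            while (chunk := tls.recv(4096)):
                chunks.append(chunk)
    return parse_status(b"".join(chunks))


if __name__ == "__main__":
    # usage: script.py HOST PATH CLIENT_PEM CA_FILE
    print(fetch(*sys.argv[1:5]))
```

A 405 response normally carries an `Allow` header listing the methods the server accepts for that resource, which `parse_status` returns as its third element.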