Re: [Bug-wget] Issue with TOMCAT SSL server wget
From: brad bruggemann
Subject: Re: [Bug-wget] Issue with TOMCAT SSL server wget
Date: Wed, 8 Jun 2011 11:44:15 -0400

I wasn't aware that after I converted the cert that I needed to place the
converted cert into the keystore. Here's what I've now done to add the cert.
Server Side:
1. Generate a new keypair for wget
# keytool -genkeypair -alias wget -keystore /keys/wget.p12 -storetype
pkcs12 -keyalg RSA -dname "CN=wget,OU=test,O=test,L=city,S=South
Carolina,C=US" -keypass XXXX -storepass XXXX -validity 365
2. Create certificate for wget
# keytool -export -alias wget -file /keys/wget.cer -keystore /keys/wget.12
-storetype pkcs12 -storepass XXXX -validity 365
3. Add wget to keystore
# keytool -import -keystore /keys/keystore.jks -alias wget -file
/keys/wget.cer -v -trustcacerts -noprompt -storepass XXXX
3. Send remote box wget cert
# scp /keys/wget.cer address@hidden:/tmp/wget.cer
Client Side:
4. Try wget
wget --secure-protocol=TLSv1 --certificate-type=DER
--certificate=/tmp/wget.cer --password=XXXX
https://IP_ADDRESS:1234/file.txt -o
/tmp/file.txt
output gives me an openssl error of:
OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
certificate
On Wed, Jun 8, 2011 at 8:01 AM, Giuseppe Scrivano <address@hidden> wrote:
> please keep the mailing list CC'ed in your replies.
>
> It seems the server doesn't accept the client certificate. Are you sure
> the cert.pem certificate is included in keystore.jks?
>
> Giuseppe
>
>
>
> brad bruggemann <address@hidden> writes:
>
> > Giuseppe,
> >
> > There's a correction to my original post. The output that I get when I
> > run the original command (with secure-protocol) is:
> >
> > OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
> > certificate
> >
> > When I run it without secure-protocol I get:
> >
> > OpenSSL: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert
> > unexpected message
> >
> > On Wed, Jun 8, 2011 at 7:08 AM, Giuseppe Scrivano <address@hidden>
> > wrote:
> >
> > brad bruggemann <address@hidden> writes:
> >
> > > Use wget to grab file:
> > > wget --secure-protocol=TLSv1 --certificate-type=PEM
> > --certificate=/
> > > path.to/cert.pem --password=XXXX
> > https://IP_ADDRESS:1234/file.txt -o
> > > /tmp/file.txt
> >
> >
> > what does happen if you don't specify --secure-protocol?
> >
> > Cheers,
> > Giuseppe
> >
>
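
Added example, not part of the original thread: a small triage helper that unpacks the two OpenSSL error codes quoted above into library, function and reason fields and recovers the TLS alert number the server sent. It assumes the packed layout used by OpenSSL releases of that era (8-bit library, 12-bit function, 12-bit reason; newer releases pack codes differently), and the function names and sample log are constructed for illustration.

```python
import re

# Constructed sample: the two error lines quoted in the thread.
SAMPLE_LOG = """\
OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
OpenSSL: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message
"""

ERR_LIB_SSL = 20             # library number behind "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # received alerts are reported as 1000 + alert number

# Alert descriptions from RFC 5246, section 7.2.
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error",
}

ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def unpack(code):
    """Split a packed error code into (library, function, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def decode_line(line):
    """Return the decoded fields for one log line, or None if no code is present."""
    match = ERROR_RE.search(line)
    if match is None:
        return None
    lib, func, reason = unpack(int(match.group(1), 16))
    alert = None
    # Only SSL-library reasons in 1000..1255 encode an alert sent by the peer.
    if lib == ERR_LIB_SSL and 0 <= reason - SSL_AD_REASON_OFFSET <= 255:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason, "alert": alert,
            "alert_name": TLS_ALERTS.get(alert, "unknown") if alert is not None else None}

def decode_log(text):
    """Decode every line of a log that carries an OpenSSL error code."""
    return [d for d in map(decode_line, text.splitlines()) if d is not None]

if __name__ == "__main__":
    for entry in decode_log(SAMPLE_LOG):
        print(entry)
```

An alert decoded this way was raised by the remote end, so for the `bad certificate` line the place to look is the server's view of the client certificate rather than the client's trust store.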