
Re: [Bug-wget] Issue with TOMCAT SSL server wget


From: brad bruggemann
Subject: Re: [Bug-wget] Issue with TOMCAT SSL server wget
Date: Wed, 8 Jun 2011 11:44:15 -0400

I wasn't aware that after I converted the cert that I needed to place the
converted cert into the keystore. Here's what I've now done to add the cert.

Server Side:

1. Generate a new keypair for wget
# keytool -genkeypair -alias wget -keystore /keys/wget.p12 -storetype pkcs12 -keyalg RSA -dname "CN=wget,OU=test,O=test,L=city,S=South Carolina,C=US" -keypass XXXX -storepass XXXX -validity 365

2. Create certificate for wget
# keytool -export -alias wget -file /keys/wget.cer -keystore /keys/wget.12 -storetype pkcs12 -storepass XXXX -validity 365

3. Add wget to keystore
# keytool -import -keystore /keys/keystore.jks -alias wget -file /keys/wget.cer -v -trustcacerts -noprompt -storepass XXXX

3. Send remote box wget cert
# scp /keys/wget.cer address@hidden:/tmp/wget.cer

Client Side:

4. Try wget
wget --secure-protocol=TLSv1 --certificate-type=DER --certificate=/tmp/wget.cer --password=XXXX https://IP_ADDRESS:1234/file.txt -o /tmp/file.txt

Output gives me an OpenSSL error of:

OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate






On Wed, Jun 8, 2011 at 8:01 AM, Giuseppe Scrivano <address@hidden> wrote:

> please keep the mailing list CC'ed in your replies.
>
> It seems the server doesn't accept the client certificate.  Are you sure
> the cert.pem certificate is included in keystore.jks?
>
> Giuseppe
>
>
>
> brad bruggemann <address@hidden> writes:
>
> > Giuseppe,
> >
> > There's a correction to my original post. The output that I get when I
> > run the original command (with secure-protocol) is:
> >
> > OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
> > certificate
> >
> > When I run it without secure-protocol I get:
> >
> > OpenSSL: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert
> > unexpected message
> >
> > On Wed, Jun 8, 2011 at 7:08 AM, Giuseppe Scrivano <address@hidden>
> > wrote:
> >
> >     brad bruggemann <address@hidden> writes:
> >
> >     >     Use wget to grab file:
> >     >     wget --secure-protocol=TLSv1 --certificate-type=PEM --certificate=/path.to/cert.pem --password=XXXX https://IP_ADDRESS:1234/file.txt -o /tmp/file.txt
> >
> >
> >     what does happen if you don't specify --secure-protocol?
> >
> >     Cheers,
> >     Giuseppe
> >
>
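
Added example, not part of the original thread: decoding the two OpenSSL error codes quoted above shows that each one carries a TLS alert number received from the server. It assumes the packed error layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason); the name decode_openssl_error is illustrative.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2) seen around certificate handshakes.
TLS_ALERTS = {
    10: "unexpected_message",
    40: "handshake_failure",
    42: "bad_certificate",
    43: "unsupported_certificate",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}

ERR_LIB_SSL = 0x14           # library number OpenSSL uses for "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # OpenSSL reports a received alert N as reason 1000 + N
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")


def decode_openssl_error(line):
    """Unpack a pre-3.0 OpenSSL error code (assumed layout) found in a log line.

    Returns None when the line holds no 8-hex-digit error code.
    """
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib = (code >> 24) & 0xFF
    func = (code >> 12) & 0xFFF
    reason = code & 0xFFF
    alert = None
    # Only SSL-library reasons in 1000..1255 encode an alert sent by the peer.
    if lib == ERR_LIB_SSL and SSL_AD_REASON_OFFSET <= reason <= SSL_AD_REASON_OFFSET + 255:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason, "alert": alert,
            "alert_name": TLS_ALERTS.get(alert)}


if __name__ == "__main__":
    # The two error lines from the thread, with the mail line-wrap removed.
    for sample in (
        "OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate",
        "OpenSSL: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message",
    ):
        print(decode_openssl_error(sample))
```

An alert decoded this way was sent by the peer, so the server's own log is the place to look for the reason the client certificate was refused.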

