Re: [Bug-wget] Issue with TOMCAT SSL server wget


From: brad bruggemann
Subject: Re: [Bug-wget] Issue with TOMCAT SSL server wget
Date: Thu, 9 Jun 2011 12:56:54 -0400

Problem fixed:

1) Convert server cert
openssl x509 -inform DER -outform PEM -in servercert.crt -out servercert.pem

2) Break out user cert and key from container
openssl pkcs12 -nocerts -in user.p12 -out userkey.pem
openssl pkcs12 -nokeys -in user.p12 -out usercert.pem

3) wget it
wget --private-key=userkey.pem --certificate=usercert.pem --ca-certificate=servercert.pem https://IP_ADDRESS:PORT/file.txt

On Wed, Jun 8, 2011 at 11:44 AM, brad bruggemann <address@hidden> wrote:

> I wasn't aware that after I converted the cert that I needed to place the
> converted cert into the keystore. Here's what I've now done to add the cert.
>
> Server Side:
>
> 1. Generate a new keypair for wget
> # keytool  -genkeypair -alias wget -keystore /keys/wget.p12 -storetype
> pkcs12 -keyalg RSA -dname "CN=wget,OU=test,O=test,L=city,S=South
> Carolina,C=US" -keypass XXXX -storepass XXXX -validity 365
>
> 2. Create certificate for wget
> # keytool -export -alias wget -file /keys/wget.cer -keystore /keys/wget.12
> -storetype pkcs12 -storepass XXXX -validity 365
>
> 3. Add wget to keystore
> # keytool -import -keystore /keys/keystore.jks -alias wget -file
> /keys/wget.cer -v -trustcacerts -noprompt -storepass XXXX
>
> 3. Send remote box wget cert
> # scp /keys/wget.cer address@hidden:/tmp/wget.cer
>
> Client Side:
>
> 4. Try wget
> wget --secure-protocol=TLSv1 --certificate-type=DER
> --certificate=/tmp/wget.cer --password=XXXX
> https://IP_ADDRESS:1234/file.txt -o
> /tmp/file.txt
>
> output gives me an openssl error of:
>
>
> OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
> certificate
>
> On Wed, Jun 8, 2011 at 8:01 AM, Giuseppe Scrivano <address@hidden> wrote:
>
>> please keep the mailing list CC'ed in your replies.
>>
>> It seems the server doesn't accept the client certificate.  Are you sure
>> the cert.pem certificate is included in keystore.jks?
>>
>> Giuseppe
>>
>>
>>
>> brad bruggemann <address@hidden> writes:
>>
>> > Giuseppe,
>> >
>> > There's a correction to my original post. The output that I get when I
>> > run the original command (with secure-protocol) is:
>> >
>> > OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
>> > certificate
>> >
>> > When I run it without secure-protocol I get:
>> >
>> > OpenSSL: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert
>> > unexpected message
>> >
>> > On Wed, Jun 8, 2011 at 7:08 AM, Giuseppe Scrivano <address@hidden>
>> > wrote:
>> >
>> >     brad bruggemann <address@hidden> writes:
>> >
>> >     >     Use wget to grab file:
>> >     >     wget --secure-protocol=TLSv1 --certificate-type=PEM
>> >     >     --certificate=/path.to/cert.pem --password=XXXX
>> >     >     https://IP_ADDRESS:1234/file.txt -o /tmp/file.txt
>> >
>> >
>> >     What happens if you don't specify --secure-protocol?
>> >
>> >     Cheers,
>> >     Giuseppe
>> >
>>
>
>
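
The three steps from the fix at the top of this message, as a script with pre-flight checks added. This is an added example, not part of the original post; the function names, the P12_PASS variable and the use of -nodes and -clcerts are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. File names and P12_PASS are assumptions.

# Step 1: convert the DER-encoded server certificate to PEM.
der_to_pem() {   # der_to_pem servercert.crt servercert.pem
    openssl x509 -inform DER -outform PEM -in "$1" -out "$2"
}

# Step 2: split the PKCS#12 container; its password is read from $P12_PASS.
# Unlike the post, the key is written unencrypted (-nodes) so wget will not
# prompt for a passphrase; umask 077 keeps the key file owner-readable only.
split_p12() {    # split_p12 user.p12 usercert.pem userkey.pem
    ( umask 077
      openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS -out "$3" ) &&
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS -out "$2"
}

# Pre-flight: the key must belong to the certificate, or client
# authentication cannot succeed.
key_matches_cert() {   # key_matches_cert usercert.pem userkey.pem
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Pre-flight: the certificate must parse as PEM and not be expired.
cert_not_expired() {   # cert_not_expired cert.pem
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# Step 3: fetch with the same three wget options the post uses.
fetch() {        # fetch URL
    wget --private-key=userkey.pem --certificate=usercert.pem \
         --ca-certificate=servercert.pem "$1"
}

# Usage: P12_PASS=... sh script.sh servercert.crt user.p12 https://HOST:PORT/file.txt
if [ "$#" -eq 3 ]; then
    der_to_pem "$1" servercert.pem &&
    split_p12 "$2" usercert.pem userkey.pem &&
    key_matches_cert usercert.pem userkey.pem &&
    cert_not_expired usercert.pem &&
    cert_not_expired servercert.pem &&
    fetch "$3"
fi
```

If key_matches_cert fails, the container held more than one key or certificate and the wrong pair was extracted; inspect it with openssl pkcs12 -info before retrying.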

