On Tue, Apr 7, 2015 at 6:39 PM, Dan Lukes <d...@obluda.cz> wrote: > el kalin wrote: > >>> also how to add a CA cert to ca_root_nss file? > > > ok. it's in pem. but for each cert my ca-root-nss.crt has a bunch of > other > > sections - like date, signature algorithm,etc - wheres the > company-root-ca.crt > > has only whats in-between the begin and end lines. does that matter? > > The certificate is located between BEGIN and END marker only. The rest > is comment. In most cases the text dump of certificate is used as > comment, but it's up to you.
thanks dan… i have added the certs to the ca-root-nss.crt. it still doesn't help much in my case. the problem really is that i can not get any https requests from a freebsd 10 box using a third party signed certificate with my private key and their ca certs to work. mostly testing with wget on the command line (it's a remote machine) like: wget --verbose --no-cookies --certificate=local.pem --ca-certificate=/usr/local/share/ca-root-nss.crt " https://domain.org/soapservice.asmx?WSDL"; this is for a soap call. and the local.pem is a conversion from a pkcs12 file. every time i do that i get: HTTP request sent, awaiting response... 405 Method Not Allowed does that mean that the web server actually verified the certificate and the problem is coming from the soap server application? i am able to make a successful requests to retrieve the wsdl using firefox after importing the signed certificate… also when i test the certificates agains the server with: openssl s_client -cert local.pem -connect domain.org:443 -CAfile /usr/local/share/ca-root-nss.crt -debug i get to: Timeout : 300 (sec) Verify return code: 0 (ok) --- and then it just hangs, nothing happens - there is no a prompt back… any help at this point will be appreciated…. thanks... _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
