On Tue, Apr 7, 2015 at 8:43 PM, Dan Lukes <d...@obluda.cz> wrote: > el kalin wrote: > > thanks dan… i have added the certs to the ca-root-nss.crt. it still > > doesn't help much in my case. > > You didn't described your's issue in the original post. > > > the problem really is that i can not get any https requests from a > freebsd > > 10 box using a third party signed certificate with my private key and > their > > ca certs to work. mostly testing with wget on the command line (it's a > > remote machine) like: > > > > wget --verbose --no-cookies --certificate=local.pem > > --ca-certificate=/usr/local/share/ca-root-nss.crt " > > https://domain.org/soapservice.asmx?WSDL"; > > Well ... > > 1. wget is third party utility, not the native FreeBSD one, so if it is > wget's issue, you should as wget's authors/support team. But don't > forget local.pem should contain private key as well as certificate.
they are both together - the signed certificate and the key... > > this is for a soap call. and the local.pem is a conversion from a pkcs12 > > file. every time i do that i get: > > HTTP request sent, awaiting response... 405 Method Not Allowed > > > does that mean that the web server actually verified the certificate and > > the problem is coming from the soap server application? > > 2. we don't know the true reason for "405 Method Not Allowed" response. > It has nothing to do with FreeBSD. It's matter of either configuration > of HTTP server software (another third party application) or SOAP > application. It may or may not be related to a certificate. The > administrator of the www server/SOAP application in question should help > you. We are unable to disclose a reason for particular behavior of > unknown SOAP application. > > For example, you may use wrong HTTP method to access the application > (just idea derived from error message). > i think it's just GET. like firefox does. > > i am able to make a successful requests to retrieve the wsdl using > firefox > > after importing the signed certificate… > > May be it is using correct method ? Just guessing ... > > > also when i test the certificates agains the server with: > > > > openssl s_client -cert local.pem -connect domain.org:443 -CAfile > > /usr/local/share/ca-root-nss.crt -debug > > > > i get to: > > > > Timeout : 300 (sec) > > Verify return code: 0 (ok) > > --- > > > > and then it just hangs, nothing happens - there is no a prompt back… > > What kind of prompt you are wishing for ? You ordered connection to the > HTTPS server. You got it. Now you need to write a HTTP/SOAP request. > Then you can wish for a response. > > I can't tell you the SOAP request format. There's nothing like generic > SOAP request. It's matter of the application in question. Consult it's > documentation or ask the author. > > thank you. i think i have an idea of where to look for the answers next. appreciate your replies... _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
