Hi all, I am very new to openssl and I am hoping someone can help me with the following problem:
I am trying to use openssl from the command line (using s_client) to get a file off a web server using ssl. When I run the following: openssl s_client -prexit -showcerts -connect xx.xxx.xxx.xxx:443 and I get the following: CONNECTED(00000003) depth=1 /C=US/ST=IOWA/L=URBANDALE/O=ALLIED/OU=NETWORK SERVICES/CN=URBFTP01 verify error:num=19:self signed certificate in certificate chain verify return:0 --- Certificate chain 0 s:/C=US/ST=IOWA/L=URBANDALE/O=ALLIED/OU=NETWORK SERVICES/OU=SecureTransport Server/CN=URBFTP01 i:/C=US/ST=IOWA/L=URBANDALE/O=ALLIED/OU=NETWORK SERVICES/CN=URBFTP01 -----BEGIN CERTIFICATE----- MIICbzCCAdgCAQIwDQYJKoZIhvcNAQEEBQAwbzELMAkGA1UEBhMCVVMxDTALBgNV BAgTBElPV0ExEjAQBgNVBAcTCVVSQkFOREFMRTEPMA0GA1UEChMGQUxMSUVEMRkw FwYDVQQLExBORVRXT1JLIFNFUlZJQ0VTMREwDwYDVQQDEwhVUkJGVFAwMTAeFw0w MjA1MDgxMTUyNDJaFw0wMzA1MDgxMTUyNDJaMIGQMQswCQYDVQQGEwJVUzENMAsG A1UECBMESU9XQTESMBAGA1UEBxMJVVJCQU5EQUxFMQ8wDQYDVQQKEwZBTExJRUQx GTAXBgNVBAsTEE5FVFdPUksgU0VSVklDRVMxHzAdBgNVBAsTFlNlY3VyZVRyYW5z cG9ydCBTZXJ2ZXIxETAPBgNVBAMTCFVSQkZUUDAxMIGfMA0GCSqGSIb3DQEBAQUA A4GNADCBiQKBgQDb2JJEZrpgOGzvmdALpzsPtO75kSmbYygcLdyzKLgeZDMzNMNj /Y1BWmpH8iCLneJYlkQ6PVU307CwK5kYuvBHHHOu4rieGhUQ1aFvkQ3+30U32dKr M+6MMoFJxCW/q6y6gFOc3bSQmRr/JGQXX4o3g1J9YhYMgY6U+UTx2xJzewIDAQAB MA0GCSqGSIb3DQEBBAUAA4GBALmZZyiGHSwdfc4NKIH0oyzKkwMeK33gH5Xa7xFO rtYKZNXvvuhowHW/r080rfXZrYmKRv27KlvxFGSOJYoJg3tlD7mpHkrezLMr1rhC 72MDOhE6+LAd327Czw4LVFz347GQpg/Ki8ArSfNXggcGK8o61zig+0GmpzG/XU+D Xlq+ -----END CERTIFICATE----- 1 s:/C=US/ST=IOWA/L=URBANDALE/O=ALLIED/OU=NETWORK SERVICES/CN=URBFTP01 i:/C=US/ST=IOWA/L=URBANDALE/O=ALLIED/OU=NETWORK SERVICES/CN=URBFTP01 -----BEGIN CERTIFICATE----- MIICUjCCAbugAwIBAgIBADANBgkqhkiG9w0BAQQFADBvMQswCQYDVQQGEwJVUzEN MAsGA1UECBMESU9XQTESMBAGA1UEBxMJVVJCQU5EQUxFMQ8wDQYDVQQKEwZBTExJ RUQxGTAXBgNVBAsTEE5FVFdPUksgU0VSVklDRVMxETAPBgNVBAMTCFVSQkZUUDAx MB4XDTAyMDUwODExNTIwMVoXDTAzMDUwODExNTIwMVowbzELMAkGA1UEBhMCVVMx DTALBgNVBAgTBElPV0ExEjAQBgNVBAcTCVVSQkFOREFMRTEPMA0GA1UEChMGQUxM SUVEMRkwFwYDVQQLExBORVRXT1JLIFNFUlZJQ0VTMREwDwYDVQQDEwhVUkJGVFAw MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwHzbTE//oMejvDdJI1h8mCY5 eBkUlxNa/UqPEuq6lLocHXjJIshETHuC8sZ1TJJwwMc6+ARcASjHomRTGh/2xO5l GwXt+ZFoE0kNmkFOwCPCZtpGIKOqGF0GomUyy6WRpt35vXacnKulIwZ/u2srztUE U/HuDXVd5I2jnPNHlCECAwEAATANBgkqhkiG9w0BAQQFAAOBgQCHVj9GVxI5WZa7 ycFHhPjVnFhqOWZJQRQObZ5+VKUocG04B43V76bUS3hCi+Wrow+krXD2j0Oovah7 n75HNm7TVbI+k+36BJSygSqW686p7xubnqZz0g73WOSTiQhSqLwJUtpWKmpMb1IG hVscwVYGq2QUdEeD5FtXYI4PJ7+txw== -----END CERTIFICATE----- --- Server certificate subject=/C=US/ST=IOWA/L=URBANDALE/O=ALLIED/OU=NETWORK SERVICES/OU=SecureTransport Server/CN=URBFTP01 issuer=/C=US/ST=IOWA/L=URBANDALE/O=ALLIED/OU=NETWORK SERVICES/CN=URBFTP01 --- No client certificate CA names sent --- SSL handshake has read 1752 bytes and written 314 bytes --- New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher : EDH-RSA-DES-CBC3-SHA Session-ID: Session-ID-ctx: Master-Key: A4B7765876D6E1B1863B1BE32157B279394864CE8389AC199E6C395CF204406CF1B7436C48F43682A4487077C8F2C64D Key-Arg : None Start Time: 1026398836 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- GET / <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>302 Found</TITLE> </HEAD><BODY> <H1>Found</H1> The document has moved <A HREF= "https://URBFTP01.ALLIED.NWIE.NET:443/?&STCO=1PS2a3cCoPQcAAAg8PS0&STCOEND"; >here</A>.<P> <P>Additionally, a 302 Found error was encountered while trying to use an ErrorDocument to handle the request. </BODY></HTML> closed -- Certificate chain 0 s:/C=US/ST=IOWA/L=URBANDALE/O=ALLIED/OU=NETWORK SERVICES/OU=SecureTransport Server/CN=URBFTP01 i:/C=US/ST=IOWA/L=URBANDALE/O=ALLIED/OU=NETWORK SERVICES/CN=URBFTP01 -----BEGIN CERTIFICATE----- MIICbzCCAdgCAQIwDQYJKoZIhvcNAQEEBQAwbzELMAkGA1UEBhMCVVMxDTALBgNV BAgTBElPV0ExEjAQBgNVBAcTCVVSQkFOREFMRTEPMA0GA1UEChMGQUxMSUVEMRkw FwYDVQQLExBORVRXT1JLIFNFUlZJQ0VTMREwDwYDVQQDEwhVUkJGVFAwMTAeFw0w MjA1MDgxMTUyNDJaFw0wMzA1MDgxMTUyNDJaMIGQMQswCQYDVQQGEwJVUzENMAsG A1UECBMESU9XQTESMBAGA1UEBxMJVVJCQU5EQUxFMQ8wDQYDVQQKEwZBTExJRUQx GTAXBgNVBAsTEE5FVFdPUksgU0VSVklDRVMxHzAdBgNVBAsTFlNlY3VyZVRyYW5z cG9ydCBTZXJ2ZXIxETAPBgNVBAMTCFVSQkZUUDAxMIGfMA0GCSqGSIb3DQEBAQUA A4GNADCBiQKBgQDb2JJEZrpgOGzvmdALpzsPtO75kSmbYygcLdyzKLgeZDMzNMNj /Y1BWmpH8iCLneJYlkQ6PVU307CwK5kYuvBHHHOu4rieGhUQ1aFvkQ3+30U32dKr M+6MMoFJxCW/q6y6gFOc3bSQmRr/JGQXX4o3g1J9YhYMgY6U+UTx2xJzewIDAQAB MA0GCSqGSIb3DQEBBAUAA4GBALmZZyiGHSwdfc4NKIH0oyzKkwMeK33gH5Xa7xFO rtYKZNXvvuhowHW/r080rfXZrYmKRv27KlvxFGSOJYoJg3tlD7mpHkrezLMr1rhC 72MDOhE6+LAd327Czw4LVFz347GQpg/Ki8ArSfNXggcGK8o61zig+0GmpzG/XU+D Xlq+ -----END CERTIFICATE----- 1 s:/C=US/ST=IOWA/L=URBANDALE/O=ALLIED/OU=NETWORK SERVICES/CN=URBFTP01 i:/C=US/ST=IOWA/L=URBANDALE/O=ALLIED/OU=NETWORK SERVICES/CN=URBFTP01 -----BEGIN CERTIFICATE----- MIICUjCCAbugAwIBAgIBADANBgkqhkiG9w0BAQQFADBvMQswCQYDVQQGEwJVUzEN MAsGA1UECBMESU9XQTESMBAGA1UEBxMJVVJCQU5EQUxFMQ8wDQYDVQQKEwZBTExJ RUQxGTAXBgNVBAsTEE5FVFdPUksgU0VSVklDRVMxETAPBgNVBAMTCFVSQkZUUDAx MB4XDTAyMDUwODExNTIwMVoXDTAzMDUwODExNTIwMVowbzELMAkGA1UEBhMCVVMx DTALBgNVBAgTBElPV0ExEjAQBgNVBAcTCVVSQkFOREFMRTEPMA0GA1UEChMGQUxM SUVEMRkwFwYDVQQLExBORVRXT1JLIFNFUlZJQ0VTMREwDwYDVQQDEwhVUkJGVFAw MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwHzbTE//oMejvDdJI1h8mCY5 eBkUlxNa/UqPEuq6lLocHXjJIshETHuC8sZ1TJJwwMc6+ARcASjHomRTGh/2xO5l GwXt+ZFoE0kNmkFOwCPCZtpGIKOqGF0GomUyy6WRpt35vXacnKulIwZ/u2srztUE U/HuDXVd5I2jnPNHlCECAwEAATANBgkqhkiG9w0BAQQFAAOBgQCHVj9GVxI5WZa7 ycFHhPjVnFhqOWZJQRQObZ5+VKUocG04B43V76bUS3hCi+Wrow+krXD2j0Oovah7 n75HNm7TVbI+k+36BJSygSqW686p7xubnqZz0g73WOSTiQhSqLwJUtpWKmpMb1IG hVscwVYGq2QUdEeD5FtXYI4PJ7+txw== -----END CERTIFICATE----- --- Server certificate subject=/C=US/ST=IOWA/L=URBANDALE/O=ALLIED/OU=NETWORK SERVICES/OU=SecureTransport Server/CN=URBFTP01 issuer=/C=US/ST=IOWA/L=URBANDALE/O=ALLIED/OU=NETWORK SERVICES/CN=URBFTP01 --- No client certificate CA names sent --- SSL handshake has read 2178 bytes and written 380 bytes --- New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher : EDH-RSA-DES-CBC3-SHA Session-ID: Session-ID-ctx: Master-Key: A4B7765876D6E1B1863B1BE32157B279394864CE8389AC199E6C395CF204406CF1B7436C48F43682A4487077C8F2C64D Key-Arg : None Start Time: 1026398836 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- I think its because the are not sending back any information in the CA list when I access their site using mozilla browser I get a message that the certificate being presented belong to them/some wierd name. Then when I click ok the page comes up and everything is ok. The site that I am trying to access is not being very cooperative or helpful, I am trying to automate retrieving of a file off their web site instead of having to go to the web site and click on it. I am sure there are tons more better ways to do this but I am new to this job and this is how they have been doing it and the company doesn't want to open up thier machine to us. the machine I am working off of is a red hat 7.3 linux box and I have downloaded and installed the latest openssl OpenSSL> version OpenSSL 0.9.6b [engine] 9 Jul 2001 OpenSSL> any ideas/advice would be greatly appriciated! dougc ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
