Skåne Sjælland Linux User Group - http://www.sslug.dk
 

Re: [PROGRAMMERING] connecting to a server with a PKCS12 certificate



Hi all,
The solution has been found; it was cacert, which did not contain the intermediate certificates that sat between my certificate and the root certificate. So I learned that too…

Best regards

Lars

On 13/11/2012, at 12.51, Lars Riisgaard Ribe <sslug@sslug> wrote:

> Hi SSLUG members
> I hope there are one or more people here who have some experience with certificates, or who can put me in touch with someone who does :-)
> 
> I need to connect to a server that I do not control myself.
> 
> All browsers can access:
> 
> https://ikkeminserver.dk/
> 
> If, on the other hand, you go to:
> 
> https://ikkeminserver.dk/service
> 
> you get 403 Permission denied.
> 
> I have a PKCS12 certificate. This is now imported into Firefox. When I go to:
> 
> https://ikkeminserver.dk/service
> 
> I am asked which certificate I want to use.
> 
> Here I choose the imported certificate and get my hello world message.
> 
> So far so good. Now I just need to be able to do it automatically.
> 
> I have tried with wget, curl, and PHP, and got a friend to try in Python, but without success. The server and the company behind it run Windows, and therefore they only have code examples in C#, which I would prefer to avoid using.
> I have also tried openssl s_client.
> My own theory is that there is one SSL certificate for the https connection, and then there is "another certificate" for logging in; and that all the programming solutions only attempt the SSL part. But I have absolutely nothing to base that on :-)
> 
> I hope there is someone out there who has tried something similar before. Possibly with the old digital signatures or the like? I am also willing to pay for a couple of consulting hours (just agree it with me before you start :-) ), if there is anyone who can point me in the right direction.
> 
> Thanks in advance
> 
> 
> Lars
> 
> Example with CURL:
> 
> openssl pkcs12 -in ~/cert.pfx -out ca.pem -cacerts -nokeys
> openssl pkcs12 -in ~/cert.pfx -out client.pem -clcerts -nokeys
> openssl pkcs12 -in ~/cert.pfx -out key.pem -nocerts
> 
> curl -k -v --key key.pem --cacert ca.pem --cert client.pem https://ikkeminserver.dk/service
> * About to connect() to ikkeminserver port 443 (#0)
> *   Trying xxx.xxx.xxx.xxx...
> * connected
> * Connected to ikkeminserver.dk (xxx.xxx.xxx.xxx) port 443 (#0)
> Enter PEM pass phrase:
> * error setting certificate verify locations, continuing anyway:
> *   CAfile: ca.pem
>  CApath: none
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSL connection using AES128-SHA
> * Server certificate:
> <cut>certificate details</cut>
> * 	 SSL certificate verify ok.
>> GET /service/ HTTP/1.1
>> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
>> Host: ikkeminserver.dk
>> Accept: */*
>> 
> * SSLv3, TLS handshake, Hello request (0):
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Request CERT (13):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv3, TLS handshake, CERT verify (15):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> < HTTP/1.1 403 Forbidden
> < Content-Type: text/html
> < Server: Microsoft-IIS/7.5
> < X-Powered-By: ASP.NET
> < Date: Tue, 13 Nov 2012 11:03:09 GMT
> < Content-Length: 1233
> < 
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
> <html xmlns="http://www.w3.org/1999/xhtml";>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
> <title>403 - Forbidden: Access is denied.</title>
> <style type="text/css">
> <!--
> body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
> fieldset{padding:0 15px 10px 15px;} 
> h1{font-size:2.4em;margin:0;color:#FFF;}
> h2{font-size:1.7em;margin:0;color:#CC0000;} 
> h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} 
> #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
> background-color:#555555;}
> #content{margin:0 0 0 2%;position:relative;}
> .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
> -->
> </style>
> </head>
> <body>
> <div id="header"><h1>Server Error</h1></div>
> <div id="content">
> <div class="content-container"><fieldset>
>  <h2>403 - Forbidden: Access is denied.</h2>
>  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
> </fieldset></div>
> </div>
> </body>
> </html>
> * Connection #0 to host ikkeminserver.dk left intact
> * Closing connection #0
> * SSLv3, TLS alert, Client hello (1):
> 
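The resolution in the reply (a CA file missing the intermediate certificates) can be reproduced and checked offline with `openssl verify`. This is an added example, not part of the original thread; the three-level PKI, the file names `cl.pem` and `ca-full.pem`, and the password `demo` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed demo PKI (root -> inter -> client). All names and the password
# "demo" are made up for this example; only the openssl CLI is needed.
set -eu

issue() {  # issue DIR NAME SIGNER EXTENSION   (SIGNER=self creates the root)
  printf '%s\n' "$4" > "$1/$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1/$2.key" \
    -out "$1/$2.csr" -subj "/CN=Demo $2" 2>/dev/null
  if [ "$3" = self ]; then signer="-signkey $1/$2.key"
  else signer="-CA $1/$3.pem -CAkey $1/$3.key -CAcreateserial"; fi
  # $signer is left unquoted on purpose so it splits into separate options
  openssl x509 -req -in "$1/$2.csr" $signer -extfile "$1/$2.ext" \
    -out "$1/$2.pem" -days 2 2>/dev/null
}

chain_ok() {  # chain_ok CAFILE CERT: true if CERT chains up to a root in CAFILE
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

build_demo() {  # build_demo DIR: PKI, a .pfx, and two candidate CA bundles
  issue "$1" root self 'basicConstraints=critical,CA:TRUE'
  issue "$1" inter root 'basicConstraints=critical,CA:TRUE'
  issue "$1" client inter 'extendedKeyUsage=clientAuth'
  # Constructed .pfx holding the client certificate, its key and the root only
  openssl pkcs12 -export -inkey "$1/client.key" -in "$1/client.pem" \
    -certfile "$1/root.pem" -passout pass:demo -out "$1/cert.pfx"
  # The extraction commands from the post, with the password given inline
  openssl pkcs12 -in "$1/cert.pfx" -passin pass:demo -cacerts -nokeys \
    -out "$1/ca.pem" 2>/dev/null
  openssl pkcs12 -in "$1/cert.pfx" -passin pass:demo -clcerts -nokeys \
    -out "$1/cl.pem" 2>/dev/null
  # The fix described in the reply: add the intermediate to the CA file
  cat "$1/ca.pem" "$1/inter.pem" > "$1/ca-full.pem"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
build_demo "$work"
for bundle in ca.pem ca-full.pem; do
  if chain_ok "$work/$bundle" "$work/cl.pem"; then
    echo "$bundle: complete chain from client certificate to root"
  else
    echo "$bundle: chain broken, an intermediate certificate is missing"
  fi
done
```

In the quoted curl run, the line `error setting certificate verify locations, continuing anyway` shows that curl could not load `ca.pem`, and `-k` let the connection proceed without verifying the server; running the same `openssl verify` check on the extracted files surfaces that kind of problem before curl is involved.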



 
Questions about the web-pages to <www_admin>. Last modified 2012-12-01, 02:01 CET