On Tue, Apr 7, 2015 at 6:39 PM, Dan Lukes <dan at obluda.cz> wrote:
> el kalin wrote:
> >>> also how to add a CA cert to ca_root_nss file?
>
> > ok. it's in pem. but for each cert my ca-root-nss.crt has a bunch
of
> other
> > sections - like date, signature algorithm,etc - wheres the
> company-root-ca.crt
> > has only whats in-between the begin and end lines. does that matter?
>
> The certificate is located between BEGIN and END marker only. The rest
> is comment. In most cases the text dump of certificate is used as
> comment, but it's up to you.
thanks dan? i have added the certs to the ca-root-nss.crt. it still
doesn't help much in my case.
the problem really is that i can not get any https requests from a freebsd
10 box using a third party signed certificate with my private key and their
ca certs to work. mostly testing with wget on the command line (it's a
remote machine) like:
wget --verbose --no-cookies --certificate=local.pem
--ca-certificate=/usr/local/share/ca-root-nss.crt "
https://domain.org/soapservice.asmx?WSDL"
this is for a soap call. and the local.pem is a conversion from a pkcs12
file. every time i do that i get:
HTTP request sent, awaiting response... 405 Method Not Allowed
does that mean that the web server actually verified the certificate and
the problem is coming from the soap server application?
i am able to make a successful requests to retrieve the wsdl using firefox
after importing the signed certificate?
also when i test the certificates agains the server with:
openssl s_client -cert local.pem -connect domain.org:443 -CAfile
/usr/local/share/ca-root-nss.crt -debug
i get to:
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
and then it just hangs, nothing happens - there is no a prompt back?
any help at this point will be appreciated?.
thanks...