On Tue, Apr 7, 2015 at 8:43 PM, Dan Lukes <dan at obluda.cz> wrote:
> el kalin wrote:
> > thanks dan? i have added the certs to the ca-root-nss.crt. it still
> > doesn't help much in my case.
>
> You didn't described your's issue in the original post.
>
> > the problem really is that i can not get any https requests from a
> freebsd
> > 10 box using a third party signed certificate with my private key and
> their
> > ca certs to work. mostly testing with wget on the command line
(it's a
> > remote machine) like:
> >
> > wget --verbose --no-cookies --certificate=local.pem
> > --ca-certificate=/usr/local/share/ca-root-nss.crt "
> > https://domain.org/soapservice.asmx?WSDL"
>
> Well ...
>
> 1. wget is third party utility, not the native FreeBSD one, so if it is
> wget's issue, you should as wget's authors/support team. But
don't
> forget local.pem should contain private key as well as certificate.
they are both together - the signed certificate and the key...
> > this is for a soap call. and the local.pem is a conversion from a
pkcs12
> > file. every time i do that i get:
> > HTTP request sent, awaiting response... 405 Method Not Allowed
>
> > does that mean that the web server actually verified the certificate
and
> > the problem is coming from the soap server application?
>
> 2. we don't know the true reason for "405 Method Not Allowed"
response.
> It has nothing to do with FreeBSD. It's matter of either configuration
> of HTTP server software (another third party application) or SOAP
> application. It may or may not be related to a certificate. The
> administrator of the www server/SOAP application in question should help
> you. We are unable to disclose a reason for particular behavior of
> unknown SOAP application.
>
> For example, you may use wrong HTTP method to access the application
> (just idea derived from error message).
>
i think it's just GET. like firefox does.
> > i am able to make a successful requests to retrieve the wsdl using
> firefox
> > after importing the signed certificate?
>
> May be it is using correct method ? Just guessing ...
>
> > also when i test the certificates agains the server with:
> >
> > openssl s_client -cert local.pem -connect domain.org:443 -CAfile
> > /usr/local/share/ca-root-nss.crt -debug
> >
> > i get to:
> >
> > Timeout : 300 (sec)
> > Verify return code: 0 (ok)
> > ---
> >
> > and then it just hangs, nothing happens - there is no a prompt back?
>
> What kind of prompt you are wishing for ? You ordered connection to the
> HTTPS server. You got it. Now you need to write a HTTP/SOAP request.
> Then you can wish for a response.
>
> I can't tell you the SOAP request format. There's nothing like
generic
> SOAP request. It's matter of the application in question. Consult
it's
> documentation or ask the author.
>
>
thank you. i think i have an idea of where to look for the answers next.
appreciate your replies...