Connecting to a server with a PKCS12 certificate
To: Sslug-Programmering <sslug@sslug>
Subject: Connecting to a server with a PKCS12 certificate
From: Lars Riisgaard Ribe <sslug@sslug>
Date: Tue, 13 Nov 2012 11:51:11 +0000
Hi SSLUG members
I hope there are one or more people here who have some experience with certificates, or who can put me in touch with someone who does :-)
I need to connect to a server that I do not control myself.
All browsers can open:
https://ikkeminserver.dk/
If, however, you go to:
https://ikkeminserver.dk/service
you get 403 Permission denied.
I have a PKCS12 certificate. This is now imported into Firefox. When I go to:
https://ikkeminserver.dk/service
I am asked which certificate I want to use.
Here I choose the imported certificate and get my hello world message.
So far so good. Now I just need to be able to do it automatically.
I have tried wget, curl and PHP, and got a friend to try in Python, but without luck. The server and the company behind it run Windows, and therefore they only have code examples in C#, which I would prefer to avoid using.
I have also tried openssl s_client.
My own theory is that there is an SSL certificate for the https connection, and then there is "another certificate" for logging in; and that all the programming solutions only attempt the SSL part. But I have absolutely nothing to base that on :-)
I hope there is someone out there who has tried something similar before. Possibly with the old digital signatures or the like? I am also willing to pay for a couple of consulting hours (just agree it with me before you start :-) ), if anyone can point me in the right direction.
Thanks in advance
Lars
Example with CURL:
openssl pkcs12 -in ~/cert.pfx -out ca.pem -cacerts -nokeys
openssl pkcs12 -in ~/cert.pfx -out client.pem -clcerts -nokeys
openssl pkcs12 -in ~/cert.pfx -out key.pem -nocerts
curl -k -v --key key.pem --cacert ca.pem --cert client.pem https://ikkeminserver.dk/service
* About to connect() to ikkeminserver port 443 (#0)
* Trying xxx.xxx.xxx.xxx...
* connected
* Connected to ikkeminserver.dk (xxx.xxx.xxx.xxx) port 443 (#0)
Enter PEM pass phrase:
* error setting certificate verify locations, continuing anyway:
* CAfile: ca.pem
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES128-SHA
* Server certificate:
<cut>certificate details</cut>
* SSL certificate verify ok.
> GET /service/ HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: ikkeminserver.dk
> Accept: */*
>
* SSLv3, TLS handshake, Hello request (0):
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS handshake, CERT verify (15):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
< HTTP/1.1 403 Forbidden
< Content-Type: text/html
< Server: Microsoft-IIS/7.5
< X-Powered-By: ASP.NET
< Date: Tue, 13 Nov 2012 11:03:09 GMT
< Content-Length: 1233
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
* Connection #0 to host ikkeminserver.dk left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
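
An added example, not part of Lars's message: a small Python reader for the handshake lines of a `curl -v` trace like the one above. It reports whether the server asked for a client certificate in the renegotiated handshake and whether the client answered with a Certificate and a CertificateVerify message. The function names and the constructed `TRACE` sample are assumptions of this example.

```python
import re

HS = re.compile(r"TLS handshake, .*\((\d+)\):")      # curl's handshake trace lines
STATUS = re.compile(r"^< HTTP/\d\.\d (\d{3})")

# Constructed sample: message labels in the order of the curl -v output in the post.
TRACE = "\n".join(f"* SSLv3, TLS handshake, {m}:" for m in (
    "Client hello (1)", "Server hello (2)", "CERT (11)", "Server finished (14)",
    "Client key exchange (16)", "Finished (20)",
    "Hello request (0)", "Client hello (1)", "Server hello (2)", "CERT (11)",
    "Request CERT (13)", "Server finished (14)", "CERT (11)",
    "Client key exchange (16)", "CERT verify (15)", "Finished (20)",
)) + "\n< HTTP/1.1 403 Forbidden\n"

def handshakes(trace):
    """Split the trace into handshakes and record client-certificate events."""
    result, cur, reneg = [], {}, False
    for line in trace.splitlines():
        m = HS.search(line)
        if not m:
            continue
        t = int(m.group(1))
        if t == 0:                        # HelloRequest: server asks to renegotiate
            reneg = True
        elif t == 1:                      # ClientHello opens a new handshake
            cur = {"renegotiation": reneg, "server_done": False,
                   "cert_requested": False, "cert_sent": False, "cert_verify": False}
            result.append(cur)
            reneg = False
        elif t == 14:                     # ServerHelloDone: later messages are the client's
            cur["server_done"] = True
        elif t == 13:                     # CertificateRequest
            cur["cert_requested"] = True
        elif t == 11 and cur.get("server_done"):
            cur["cert_sent"] = True       # client Certificate (may be an empty list)
        elif t == 15:                     # CertificateVerify: only sent with a real cert + key
            cur["cert_verify"] = True
    return result

def diagnose(trace):
    # Heuristic reading of the last handshake plus the HTTP status lines.
    hs = handshakes(trace)
    codes = [int(m.group(1)) for m in map(STATUS.match, trace.splitlines()) if m]
    if not hs or not hs[-1]["cert_requested"]:
        return "server never asked for a client certificate"
    if not (hs[-1]["cert_sent"] and hs[-1]["cert_verify"]):
        return "certificate requested, but the client did not prove possession of a key"
    if 403 in codes:
        return "client certificate presented; the 403 was decided after the TLS handshake"
    return "client certificate presented"
```

Run on the sample, `diagnose(TRACE)` reports that a certificate was presented and that the 403 was decided after the handshake, which points the investigation at how the server validates or maps that certificate.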
Last modified
2012-12-01, 02:01 CET