I'm testing certificate client authentication to a WS7 with client certificates stored on ldap (DSEE7).
I have a client certificate and its private key on client side too. So I execute the following wget command on solaris:
*/usr/sfw/bin/wget -d -U "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.78 Safari/535.11" secure-protocol=SSLv3 no-check-certificate certificate=./cert.pem certificate-type=PEM privatekey=./key.pem private-key-type=PEM https://10.10.6.27/.....*
+Setting --secure-protocol (secureprotocol) to SSLv3+
+Setting --check-certificate (checkcertificate) to 0+
+Setting --certificate (certificate) to ./cert.pem+
+Setting --certificate-type (certificatetype) to PEM+
+Setting --private-key (privatekey) to ./key.pem+
+Setting --private-key-type (privatekeytype) to PEM+ Handshake successful; connected socket 3 to SSL handle 0x00095940
Final result is "403 Forbidden".
During execution I don't see any attempt to retrieve any certificate on ldap side, while in the WS7 error log I see:
failure ( 4444): for host 10.10.7.12 trying to GET /INTE/GestioneVoucherService_v1_0, Client-Auth reports: HTTP4028: Error completing handshake (SSL_ERROR_RENEGOTIATION_NOT_ALLOWED: SSL renegotiation is not allowed.) security ( 4444): HTTP4290: get_auth_user_ssl: client passed no certificate. security ( 4444): for host 10.10.7.12 trying to GET /......., acl-state reports: HTTP5191: access of /app/webserver7/https-....... denied by ACL uri=/..... directive 1
It seems to me that wget is not presenting the client certificate to the server....
What do you think?