0 Replies Latest reply: Mar 12, 2012 5:50 PM by Bobm53-Oracle

    Testing client authentication with wget.

    Bobm53-Oracle
      Hi friends,
      I'm testing certificate client authentication to a WS7 with client certificates stored on LDAP (DSEE7).
      I have a client certificate and its private key on the client side too. So I execute the following wget command on Solaris:

      /usr/sfw/bin/wget -d -U "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.78 Safari/535.11" --secure-protocol=SSLv3 --no-check-certificate --certificate=./cert.pem --certificate-type=PEM --private-key=./key.pem --private-key-type=PEM https://10.10.6.27/.....
      Setting --secure-protocol (secureprotocol) to SSLv3
      Setting --check-certificate (checkcertificate) to 0
      Setting --certificate (certificate) to ./cert.pem
      Setting --certificate-type (certificatetype) to PEM
      Setting --private-key (privatekey) to ./key.pem
      Setting --private-key-type (privatekeytype) to PEM
      Handshake successful; connected socket 3 to SSL handle 0x00095940

      Final result is "403 Forbidden".
      During execution I don't see any attempt to retrieve any certificate on the LDAP side, while in the WS7 error log I see:

      failure ( 4444): for host 10.10.7.12 trying to GET /INTE/GestioneVoucherService_v1_0, Client-Auth reports: HTTP4028: Error completing handshake (SSL_ERROR_RENEGOTIATION_NOT_ALLOWED: SSL renegotiation is not allowed.)
      security ( 4444): HTTP4290: get_auth_user_ssl: client passed no certificate.
      security ( 4444): for host 10.10.7.12 trying to GET /......., acl-state reports: HTTP5191: access of /app/webserver7/https-....... denied by ACL uri=/..... directive 1

      It seems to me that wget is not presenting the client certificate to the server....
      What do you think?
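
An added example, not part of the original post: a small Python triage that reads WS7 error-log lines shaped like the three quoted above and, for each ACL denial (HTTP5191), reports whether it was preceded in the same process by a handshake error (HTTP4028) and a "client passed no certificate" message (HTTP4290). The line layout the regexes expect is an assumption taken from the post's excerpt, and the sample lines, hosts and paths are constructed.

```python
import re

# Assumed layout: optional "[timestamp] ", then "severity ( pid): message".
LINE = re.compile(r"^(?:\[[^\]]*\]\s*)?(\w+)\s*\(\s*(\d+)\):\s*(.*)$")
MSGID = re.compile(r"\b(HTTP\d{4}):")
REQ = re.compile(r"for host (\S+) trying to (\w+) (\S+?),")
NSS = re.compile(r"\((SSL_ERROR_\w+):")

def triage(lines):
    """Return one verdict per HTTP5191 denial, based on earlier lines from the same pid."""
    pending, verdicts = {}, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        _severity, pid, text = m.groups()
        ids = MSGID.findall(text)
        state = pending.setdefault(pid, {"handshake_error": None, "no_cert": False})
        if "HTTP4028" in ids:                 # handshake could not be completed
            nss = NSS.search(text)
            state["handshake_error"] = nss.group(1) if nss else "unknown"
        if "HTTP4290" in ids:                 # no client certificate reached the auth step
            state["no_cert"] = True
        if "HTTP5191" in ids:                 # ACL denial closes the event
            req = REQ.search(text)
            if state["handshake_error"] and state["no_cert"]:
                cause = "handshake-failed-no-cert"   # denial follows the TLS failure
            elif state["no_cert"]:
                cause = "client-sent-no-cert"
            else:
                cause = "acl-denied-other"
            verdicts.append({"pid": pid, "host": req.group(1) if req else None,
                             "cause": cause, "handshake_error": state["handshake_error"]})
            del pending[pid]
    return verdicts

# Constructed sample lines modelled on the excerpt in the post.
SAMPLE = [
    "failure ( 4444): for host 192.0.2.10 trying to GET /svc/example, Client-Auth reports: "
    "HTTP4028: Error completing handshake (SSL_ERROR_RENEGOTIATION_NOT_ALLOWED: SSL renegotiation is not allowed.)",
    "security ( 4444): HTTP4290: get_auth_user_ssl: client passed no certificate.",
    "security ( 4444): for host 192.0.2.10 trying to GET /svc/example, acl-state reports: "
    "HTTP5191: access of /docroot/svc/example denied by ACL uri=/svc/example directive 1",
    "security ( 5555): for host 192.0.2.20 trying to GET /svc/other, acl-state reports: "
    "HTTP5191: access of /docroot/svc/other denied by ACL uri=/svc/other directive 1",
]

if __name__ == "__main__":
    for verdict in triage(SAMPLE):
        print(verdict)
```

A "handshake-failed-no-cert" verdict means the denial followed a handshake that did not complete, so no certificate was available for the server to check.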