I wasn't aware that after I converted the cert that I needed to place the converted cert into the keystore. Here's what I've now done to add the cert.

Server Side:

1. Generate a new keypair for wget
   # keytool -genkeypair -alias wget -keystore /keys/wget.p12 -storetype pkcs12 -keyalg RSA -dname "CN=wget,OU=test,O=test,L=city,S=South Carolina,C=US" -keypass XXXX -storepass XXXX -validity 365

2. Create certificate for wget
   # keytool -export -alias wget -file /keys/wget.cer -keystore /keys/wget.12 -storetype pkcs12 -storepass XXXX -validity 365

3. Add wget to keystore
   # keytool -import -keystore /keys/keystore.jks -alias wget -file /keys/wget.cer -v -trustcacerts -noprompt -storepass XXXX

3. Send remote box wget cert
   # scp /keys/wget.cer user@ip:/tmp/wget.cer

Client Side:

4. Try wget
   wget --secure-protocol=TLSv1 --certificate-type=DER --certificate=/tmp/wget.cer --password=XXXX https://IP_ADDRESS:1234/file.txt -o /tmp/file.txt

output gives me an openssl error of:

OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

On Wed, Jun 8, 2011 at 8:01 AM, Giuseppe Scrivano <[email protected]> wrote:

> please keep the mailing list CC'ed in your replies.
>
> It seems the server doesn't accept the client certificate. Are you sure
> the cert.pem certificate is included in keystore.jks?
>
> Giuseppe
>
>
> brad bruggemann <[email protected]> writes:
>
> > Giuseppe,
> >
> > There's a correction to my original post. The output that I get when I
> > run the original command (with secure-protocol) is:
> >
> > OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
> >
> > When I run it without secure-protocol I get:
> >
> > OpenSSL: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message
> >
> > On Wed, Jun 8, 2011 at 7:08 AM, Giuseppe Scrivano <[email protected]>
> > wrote:
> >
> > brad bruggemann <[email protected]> writes:
> >
> > > Use wget to grab file:
> > > wget --secure-protocol=TLSv1 --certificate-type=PEM --certificate=/path.to/cert.pem --password=XXXX https://IP_ADDRESS:1234/file.txt -o /tmp/file.txt
> >
> > what does happen if you don't specify --secure-protocol?
> >
> > Cheers,
> > Giuseppe
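
Added example (not part of the original thread, and not wget or OpenSSL code): decoding the two error codes quoted above shows that both are TLS alerts received from the server, numbers 42 and 10, rather than errors raised locally by wget. It assumes the packed error-code layout used by OpenSSL releases before 3.0; the function name decode_openssl_error is hypothetical.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2) seen around certificate handshakes.
TLS_ALERTS = {
    10: "unexpected_message",
    40: "handshake_failure",
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}

ERR_LIB_SSL = 20            # OpenSSL library number for "SSL routines"
ALERT_REASON_OFFSET = 1000  # OpenSSL's SSL_AD_REASON_OFFSET
ERR_LINE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")


def decode_openssl_error(line):
    """Unpack 'error:XXXXXXXX:lib:func:reason' (assumed pre-3.0 layout:
    8-bit library, 12-bit function, 12-bit reason)."""
    m = ERR_LINE.search(line)
    if m is None:
        raise ValueError("not an OpenSSL error line: %r" % line)
    code = int(m.group(1), 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    # In the SSL library, reasons >= 1000 mean "alert N received from the peer".
    alert = None
    if lib == ERR_LIB_SSL and reason >= ALERT_REASON_OFFSET:
        alert = reason - ALERT_REASON_OFFSET
    return {
        "lib": lib, "func": func, "reason": reason,
        "alert": alert, "alert_name": TLS_ALERTS.get(alert),
        "from_peer": alert is not None, "text": m.group(4).strip(),
    }


if __name__ == "__main__":
    # The two error lines quoted in this thread.
    for line in (
        "OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate",
        "OpenSSL: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message",
    ):
        d = decode_openssl_error(line)
        origin = "sent by peer" if d["from_peer"] else "raised locally"
        print("alert %s (%s), %s" % (d["alert"], d["alert_name"], origin))
```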
