> From: owner-openssl-us...@openssl.org On Behalf Of Sukumar Bhukta
> Sent: Friday, 12 April, 2013 01:20

> We have a master client (developed using TIBCO\BW) which calls a HTTP
> web service and got URI and port dynamically back. From the output
> (the URI and port) we need these as input and would call another web
> service. The issue occurs because we don't have the full certificate.
> Since we get the web service dynamically so it is difficult for us to
> import the certificate beforehand.
>
And these servers use certs that AREN'T under a trusted CA?
If you import (and trust) whatever certificate(s) you find
often you end up trusting an imposter system and get breached.
But that's up to you.

> Now we are planning to use openssl ( as a command line execution from
> TIBCO process) to get the certificates as below:
> openssl s_client -showcerts -host <<HOST>> -port <<PORT>>
>
I presume you capture the output and use it? Both stdout and stderr?
I think openssl commandline may use both.

> But in few case for our internal site (mail.cognizant.com) we are able
> to get the certificates but for our one such actual web service (host
> 10.238.9.126 -port 3106) we are not able to retrieve the certificates.
> Is there something I am missing...do we have to open any port to
> access this?
>
> we are getting below error:
>
> ---------------------------------------
> Loading 'screen' into random state -connect: No such file or directory
> done
> connect:errno=0
> ----------------------------------------
>
Apparently you are on Windows. s_client handling of connect errors
on Windows is not very good, and may have got worse with 1.0.0;
what version are you using? Even so, I haven't seen it interleave
the error messages like that; is that via your "master client" or manual?

You do need TCP connect to the target host&port working.
First make sure you can reach the host at all with ping or
tracert (Windows equivalent of traceroute). Then try a program
that just makes a TCP connection: telnet is the simplest,
but is not installed by default on Windows>=Seven.
PuTTY can do "raw" TCP (as well as many other things not relevant here)
but you must select "close window never" and click past "host closed"
to get the actual error (!).

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
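
An added example, not part of the original message or of OpenSSL: a Python sketch of the two checks the reply points at, a plain TCP connect test that reports network faults separately from TLS ones, and a comparison of the server certificate in captured `s_client -showcerts` output against a SHA-256 digest obtained out of band, instead of trusting whatever certificate comes back. The function names, the sample output and the placeholder "certificate" bytes are all constructed for illustration.

```python
import base64, hashlib, hmac, re, socket

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tcp_check(host, port, timeout=5.0):
    """Plain TCP connect, so network faults are not mistaken for TLS faults."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "name resolution failed"
    except socket.timeout:
        return "timed out"          # often a firewall silently dropping packets
    except ConnectionRefusedError:
        return "refused"            # host reachable, nothing listening on the port
    except OSError as exc:
        return "error: %s" % exc

def chain_fingerprints(s_client_text):
    """SHA-256 of each distinct certificate in captured -showcerts output."""
    seen = []
    for body in PEM_RE.findall(s_client_text):
        der = base64.b64decode("".join(body.split()))
        digest = hashlib.sha256(der).hexdigest()
        if digest not in seen:      # the leaf repeats under "Server certificate"
            seen.append(digest)
    return seen

def leaf_matches_pin(s_client_text, pinned_sha256):
    """Accept only when the first (server) certificate equals the known digest."""
    prints = chain_fingerprints(s_client_text)
    return bool(prints) and hmac.compare_digest(prints[0], pinned_sha256.lower())

# Constructed sample: placeholder bytes stand in for real DER certificates.
LEAF_DER = b"constructed placeholder bytes standing in for the leaf DER"
CA_DER = b"constructed placeholder bytes standing in for the CA DER"

def _pem(der):
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der).decode()
            + "\n-----END CERTIFICATE-----\n")

SAMPLE = ("CONNECTED(00000003)\n---\nCertificate chain\n"
          " 0 s:/CN=service.example\n   i:/CN=Example Internal CA\n" + _pem(LEAF_DER)
          + " 1 s:/CN=Example Internal CA\n   i:/CN=Example Internal CA\n" + _pem(CA_DER)
          + "---\nServer certificate\n" + _pem(LEAF_DER))

if __name__ == "__main__":
    print(chain_fingerprints(SAMPLE))
    print(leaf_matches_pin(SAMPLE, hashlib.sha256(LEAF_DER).hexdigest()))
```

Run `tcp_check` first; only when it returns "open" is a failure from `s_client` worth reading as a TLS problem.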