Thank you very much Martin, that did the trick. Now the odd part: I tried your suggestion of trying the pca-generated wget command in the terminal (without ssprot=http), and it works just fine. Here is the command:
/usr/bin/wget "https://sunsolve.sun.com/patchdiag.xref"; --ca-certificate=/srv/www/cgi-bin/pca-proxy.cgi -O /var/tmp/pca/patchdiag.xref but this is still running through our company proxy server on port 80. The wget command also succeeds when I include "wgetproxy=http://company.server:80"; in /etc/pca-proxy.conf. I'm happy with using the working method over HTTP, but any ideas why HTTPS works only outside of pca? -Paul [email protected] wrote on 06/09/2009 03:03:09 AM: > Hi Paul, > > > The tail end of the contents of /tmp/pca-proxy-debug.txt is: > > ... > > Mon Jun 8 14:51:56 2009: /usr/bin/wget > > "https://sunsolve.sun.com/patchdiag.xref > > " --ca-certificate=/srv/www/cgi-bin/pca-proxy.cgi -O > > /var/tmp/pca/patchdiag.xref > > >>/tmp/pca-proxy-debug.txt 2>&1 > > --14:51:56-- https://sunsolve.sun.com/patchdiag.xref > > => `/var/tmp/pca/patchdiag.xref' > > Resolving sunsolve.sun.com... 192.18.108.40 > > Connecting to sunsolve.sun.com|192.18.108.40|:443... > > Please try to set "ssprot=http" in the pca-proxy.conf file, to make pca > use HTTP instead of HTTPS; so you'll see whether it's a problem with > HTTPS connections. > > > but the same wget https://.... requires me to use "--no-check-certificate" > > for it to work. Could that be part of the problem? > > No, that's fine. If you look at the debug output, you'll see that pca > uses --ca-certificate to point at itself - it includes the necessary CA > certificate for the sunsolve web server. > > Try the wget command you see in pca's debug output (from "/usr/bin/wget" > to "-O /var/tmp/pca/patchdiag.xref"), include --debug and see what > wget's debug out is. > > Martin. >
