In order to download the certificate, you need to use the client built into openssl like so: echo -n | openssl s_client -connect $HOST:$PORTNUMBER -servername $SERVERNAME \ | openssl x509 > /tmp/$SERVERNAME.cert That will save the certificate to /tmp/$SERVERNAME.cert. The -servername is used to select the correct certificate when multiple are presented, in the case … Read more
You should be able to use OpenSSL for your purpose: echo | openssl s_client -showcerts -servername gnupg.org -connect gnupg.org:443 2>/dev/null | openssl x509 -inform pem -noout -text That command connects to the desired website and pipes the certificate in PEM format on to another openssl command that reads and parses the details. (Note that “redundant” … Read more
This could happen if you are not running the command prompt in administrator mode. If you are using windows 7, you can go to run, type cmd and hit Ctrl+Shift+enter. This will open the command prompt in administrator mode. If not, you can also go to start -> all programs -> accessories -> right click … Read more
I can push by clone project using ssh, but it doesn’t work when I clone project with https. The error message that it shows me is:
Simply add the -k switch somewhere before the url. Disclaimer: Use this at your own risk. -k, –insecure (TLS) By default, every SSL connection curl makes is verified to be secure. This option allows curl to proceed and operate even for server connections otherwise considered insecure. The server connection is verified by making sure the server’s certificate … Read more
As already pointed out in a comment: the site has a bad SSL implementation as can be seen from the SSLLabs report. The main part of this report regarding your problem is: This server’s certificate chain is incomplete. Grade capped to B. This means that the server is not sending the full certificate chain as is … Read more
If you just want to bypass verification, you can create a new SSLContext. By default newly created contexts use CERT_NONE. Be careful with this as stated in section 17.3.7.2.1 When calling the SSLContext constructor directly, CERT_NONE is the default. Since it does not authenticate the other peer, it can be insecure, especially in client mode where most of time you … Read more
I am supplied with a jks keystore named ABCC_client.store. When I import this keystore to cacerts and try connecting it says No such Algorithm error. PFA the stacktrace But if I use this keystore independently i.e without adding it to cacerts it works. Some googling led to me to http://joewlarson.com/blog/2009/03/25/java-ssl-use-the-same-password-for-keystore-and-key/ which says that password might … Read more
cacert.pem is a bundle of CA certificates that you use to verify that the server is really the correct site you’re talking to (when it presents its certificate in the SSL handshake). The bundle can be used by tools like curl or wget, as well as other TLS/SSL speaking software. The bundle should contain the … Read more
The problem appears when your server has self signed certificate. To workaround it you can add this certificate to the list of trusted certificates of your JVM. In this article author describes how to fetch the certificate from your browser and add it to cacerts file of your JVM. You can either edit JAVA_HOME/jre/lib/security/cacerts file or run you … Read more