Calling curl with https

hasi_webmail
Champ in-the-making
I want to call Alfresco using curl with https for testing. Currently it works fine for http. Can anyone help me with this issue?


curl -vi --cacert AlfrescoRepository "https://localhost:8443/alfresco/service/api/login?u=a123&pw=a123"
* About to connect() to localhost port 8443 (#0)
*   Trying ::1... connected
* Connected to localhost (::1) port 8443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: AlfrescoRepository
  CApath: none
* Certificate is signed by an untrusted issuer: 'CN=Alfresco CA,O=Alfresco Software Ltd.,L=Maidenhead,ST=UK,C=GB'
* NSS error -8172
* Closing connection #0
* Peer certificate cannot be authenticated with known CA certificates
curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

It's working with -k also. But I want to test with secure. Is anyone familiar with this??


:evil:  :evil:  :evil:  :evil:  :evil:  :evil:  :evil:  :evil:  :evil:  :evil:  :evil:  :evil:  :evil:  :evil:  :evil:  :evil:  :evil:  :evil:  :evil:
6 REPLIES

mitpatoliya
Star Collaborator
Generally we need to register the certificate with the jdk on server.
So that for each call it will be validated from there.
Just a hint.

hasi_webmail
Champ in-the-making
You mean like this?? I have already added it. But it's the same...  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:  :roll:
See:

$ keytool -keystore my-ssl-keystore -importcert -alias AlfrescoRepository -file AlfrescoRepository

Enter keystore password: 
Re-enter new password:
Owner: CN=Alfresco Repository, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB
Issuer: CN=Alfresco CA, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB
Serial number: 4
Valid from: Thu Aug 18 17:34:11 IST 2011 until: Fri Aug 17 17:34:11 IST 2012
Certificate fingerprints:
    MD5:  FB:A0:FA:3E:1C:37:4E:A1:89:3B:A3:92:C6:E3:25:62
    SHA1: 13:2C:7A:FD:12:80:8E:F3:43:D9:89:B6:D7:2B:B8:C0:FD:0D:FB:D5
    Signature algorithm name: SHA1withRSA
    Version: 1
Trust this certificate? [no]:  yes
Certificate was added to keystore

I'm getting angry now  :twisted:  :twisted:  :twisted:  :twisted:  :twisted:  :twisted:  :twisted:
Anyone know what's the issue?

hasi_webmail
Champ in-the-making
I'm still looking for this    :?:  :?:  :?:  :?: 61 views and 3 replies?? Come on peers... reviews??

wabson
Star Contributor
Hi, I'd suggest limiting the use of smilies in your posts, if you want others to consider them seriously.

Regarding the issue itself, I think the --insecure (or -k) option is what you want. This tells cURL to ignore any problems with the SSL connection, such as self-signed certificates.

Cheers,
Will

hasi_webmail
Champ in-the-making
Hi, I'd suggest limiting the use of smilies in your posts, if you want others to consider them seriously.

Regarding the issue itself, I think the --insecure (or -k) option is what you want. This tells cURL to ignore any problems with the SSL connection, such as self-signed certificates.

Cheers,
Will


Well, in this case, I don't want to use the insecure option. Can you explain to me how this certificate is made in this issue? Maybe I did something wrong somewhere.

Open the URL "https://localhost:8443/alfresco/service/api/login?u=a123&pw=a123" in a Chrome browser.

For all sites with a self-signed certificate it will complain that the site is not a trusted site.


Click the lock icon near the URL; it will show a link to see the certificate information. Click the link and it will open the self-signed certificate. Go to the Details tab, click the "Copy to File" button, then click the Next button, then select the format "DER encoded binary X.509 (.cer)".

Click the Next button, give the path of a file, then click Next and then click the Finish button.


Now go to the Certification Path tab, click each and every certificate in the tree, starting from the root, and export every certificate in the chain, saving it as mentioned above.


Now move these files to /tmp/; assume the file names are file1.cer and file2.cer.

Execute the commands below to convert the certificates to PEM format.
openssl x509 -inform DER -in file1.cer -out file1.pem -text
openssl x509 -inform DER -in file2.cer -out file2.pem -text


Now append these files to AlfrescoRepository:


cat file1.pem >> AlfrescoRepository
cat file2.pem >> AlfrescoRepository

Now execute the curl command.

curl -vi --cacert AlfrescoRepository "https://localhost:8443/alfresco/service/api/login?u=a123&pw=a123"


Let me know if you need any clarification...
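
The procedure in the last reply, as an added example that is not part of the original thread: the keytool output above shows the file AlfrescoRepository holding the server certificate issued by CN=Alfresco CA, and curl reports that issuer as untrusted, so the bundle needs the issuing CA's certificate. The script reproduces both cases with a throwaway "Demo CA" and constructed file names, and uses `openssl verify -CAfile` as a stand-in for curl's check so it runs without an Alfresco server.

```shell
#!/bin/sh
# Added example. "Demo CA" and every file name below are constructed for this
# demo; they stand in for "Alfresco CA" and the thread's AlfrescoRepository file.

# make_demo_pki DIR: throwaway CA plus a server cert signed by it, and the
# CA exported as DER (.cer), which is what the browser export step produces.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null &&
    openssl x509 -in "$d/ca.pem" -outform DER -out "$d/ca.cer"
}

# der_to_bundle BUNDLE FILE.cer...: convert each DER cert to PEM and append it.
der_to_bundle() {
    bundle=$1; shift
    for cer in "$@"; do
        openssl x509 -inform DER -in "$cer" -outform PEM >> "$bundle" || return 1
    done
}

# bundle_trusts BUNDLE CERT: succeeds only if CERT chains to a CA in BUNDLE.
bundle_trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

tmp=$(mktemp -d) && make_demo_pki "$tmp" || exit 1

# Case 1: bundle holds only the server certificate, its issuer is absent.
cp "$tmp/srv.pem" "$tmp/leaf-only.pem"
if bundle_trusts "$tmp/leaf-only.pem" "$tmp/srv.pem"; then
    echo "leaf-only bundle: verified"
else
    echo "leaf-only bundle: issuer not trusted"
fi

# Case 2: bundle holds the issuing CA exported as DER and converted to PEM.
der_to_bundle "$tmp/chain.pem" "$tmp/ca.cer"
if bundle_trusts "$tmp/chain.pem" "$tmp/srv.pem"; then
    echo "CA bundle: verified"
else
    echo "CA bundle: issuer not trusted"
fi
rm -rf "$tmp"
```

Running the same `openssl verify -CAfile` check against a real bundle before calling curl shows whether the issuing CA is actually in the file passed to `--cacert`.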