Hi, That's odd, the server certificate is valid, but indeed I can't verify it too with openssl s_client. Then again, I also get errors when using openssl s_client checking against https://woz-online.amsterdam.nl while wget has absolutely no problem fetching that URL. (and with the correct client certificate it can retrieve the page too). Therefor I wouldn't expect a Read error (Success) in retreiving https://145.222.136.165 maybe a warning about verification, but it should continue, like it does for the woz-online.amsterdam.nl URL.
BTW, the dns has been updated, so https://www.bouwfondsbbs.nl can now be used instead of the 145.222.135.165 Just for your info, I'm using wget to poll regularly check if the site's still up. Clues, anybody :) ? Dimitri On Fri, 19 Sep 2003, Doug Kaufman wrote: > On Fri, 19 Sep 2003, Hrvoje Niksic wrote: > > > > wget https://145.222.135.165/index.htm > > > --13:46:36-- https://145.222.135.165/index.htm > > > => `index.htm' > > > Connecting to 145.222.135.165:443... connected. > > > HTTP request sent, awaiting response... > > > Read error (Success) in headers. > > > Retrying. > > > > > > --13:46:37-- https://145.222.135.165/index.htm > > > (try: 2) => `index.htm' > > > Connecting to 145.222.135.165:443... connected. > > > HTTP request sent, awaiting response... > > > Read error (Success) in headers. > > > Retrying. > > > --------------------------- > > > > > > Expected: > > > Unable to establish SSL connection. > > > because it's using client certificates, but when using the client > > > certificate the same error occurs, so this doesn't seem a > > > clientcertificate problem, thought it might be that wget is having trouble > > > checking that it does need a client certificate ?! > > The problem seems to be a bad server certificate, or at least one not > in the usual database of trusted certificates. When I connect with > openssl s_client I get error:num=20 (unable to get local certificate) > and also error:num=27 (certificate not trusted). The text from the > server certificate follows: > > Certificate: > Data: > Version: 3 (0x2) > Serial Number: > 47:f7:ee:c0:35:19:65:6c:f2:16:ac:67:ae:e6:48:2e > Signature Algorithm: sha1WithRSAEncryption > Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification > Authority > Validity > Not Before: Aug 26 00:00:00 2003 GMT > Not After : Aug 25 23:59:59 2004 GMT > Subject: C=NL, ST=Utrecht, L=Amersfoort, O=bouwfonds hypotheken, > OU=Informatie Management, OU=Terms of use at pki.pinkroccade.com/rpa (c) 02, > OU=Authenticated by PinkRoccade, OU=Member, VeriSign Trust Network, > CN=www.bouwfondsbbs.nl > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > RSA Public Key: (1024 bit) > Modulus (1024 bit): > 00:bd:53:94:ec:57:e7:68:05:cf:53:5e:88:24:63: > ca:07:3c:0d:63:df:73:20:5c:20:37:76:e4:9c:89: > eb:76:bb:55:de:41:3f:12:5f:cb:b8:fb:23:ac:7b: > 48:00:50:55:51:18:cc:df:bd:62:67:85:9c:4f:99: > b6:db:e0:56:e0:ab:38:33:ae:15:0d:b4:a5:c3:77: > f1:1a:91:f1:15:55:14:e5:f3:7b:65:56:38:cf:ef: > 4e:3a:3c:23:8a:ce:83:6b:e4:06:55:fe:ca:09:39: > 25:a0:54:28:84:16:1f:12:14:ad:12:ee:05:23:e2: > b7:bd:e5:73:2b:cd:85:22:11 > Exponent: 65537 (0x10001) > X509v3 extensions: > X509v3 Basic Constraints: > CA:FALSE > X509v3 Key Usage: > Digital Signature, Key Encipherment > X509v3 CRL Distribution Points: > URI:http://crl.verisign.com/RSASecureServer.crl > > X509v3 Certificate Policies: > Policy: 2.16.840.1.113733.1.7.1.1 > CPS: https://www.verisign.com/CPS > User Notice: > Organization: VeriSign, Inc. > Number: 1 > Explicit Text: VeriSign's CPS incorp. by reference liab. ltd. > (c)97 VeriSign > > X509v3 Extended Key Usage: > TLS Web Server Authentication, TLS Web Client Authentication > Authority Information Access: > OCSP - URI:http://ocsp.verisign.com > > Signature Algorithm: sha1WithRSAEncryption > 1d:46:35:f6:53:80:e8:39:1f:ff:ca:f5:7d:fd:64:06:7b:76: > 78:44:1e:d3:0a:59:c5:af:2d:fe:41:19:c8:d2:db:a0:9a:8a: > c6:65:87:49:ad:c0:cd:d1:b5:e6:66:c7:ac:f6:88:f5:dd:84: > 58:fb:9c:d3:93:e5:81:74:99:29:90:a6:3d:40:23:7a:11:97: > 60:2f:65:44:b8:33:9d:54:56:58:8f:2b:fb:c3:1c:28:7f:15: > ef:aa:fa:33:ba:12:1f:d8:82:89:8d:f0:a0:f7:a5:e1:b7:05: > 40:91:b3:71:a8:b1:cf:e3:2a:7b:05:89:f2:99:19:e7:cb > > Doug > -- > Doug Kaufman > Internet: [EMAIL PROTECTED] >
