Access Server using curl command #66
Comments
Hi Ishan, Thank you very much, I really appreciate your compliments :) I am not so familiar yet with curl and https requests with certificates, so feel free anyone who reads this page to provide me feedback. Curl requires PEM formatted files to do a request. Within this project we used mainly jks files and in some cases a p12 file. What I did was the following steps:
With the --cert command I load the client public and private key. With the --cacert I load my custom trusted certificates. I used Hope this will work for you, please let me know if you succeeded.
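One way to prepare and sanity-check the PEM input for the `--cert` option described above, as an added example that is not part of this thread or the project's scripts: it converts a PKCS#12 identity with openssl, then checks offline that the private key matches the certificate and that the certificate chains to a given CA. The function names, the file arguments and the `P12_PASS` variable are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names, file arguments and
# the P12_PASS variable are assumptions made for this illustration.
# A JKS identity is first converted to PKCS#12 with:
#   keytool -importkeystore -srckeystore identity.jks \
#           -destkeystore identity.p12 -deststoretype PKCS12

# p12_to_pem <identity.p12> <out.pem>
# Writes the certificate(s) and the private key as PEM for curl --cert.
# -nodes leaves the key unencrypted, so the file is created owner-only.
# The password comes from $P12_PASS to keep it out of the process list.
# (OpenSSL 3 may need -legacy for PKCS#12 files written by older JDKs.)
p12_to_pem() {
  ( umask 077 && openssl pkcs12 -in "$1" -passin env:P12_PASS -nodes -out "$2" )
}

# key_matches_cert <file.pem>
# Succeeds only if the private key in the file belongs to its first certificate.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# chain_ok <ca.pem> <cert.pem>
# Succeeds only if the first certificate in <cert.pem> chains to a CA in <ca.pem>.
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Stand-alone use: P12_PASS=... sh pem-check.sh identity.p12 ca.pem client.pem
if [ "$#" -eq 3 ]; then
  p12_to_pem "$1" "$3" || { echo "cannot convert $1" >&2; exit 1; }
  key_matches_cert "$3" || { echo "key does not match certificate" >&2; exit 1; }
  chain_ok "$2" "$3" || { echo "certificate not issued by a CA in $2" >&2; exit 1; }
  echo "ok: pass $3 to curl --cert"
fi
```

If either check fails, the mutual TLS handshake would be rejected regardless of the curl options, so the checks narrow a failing request down to the certificate material before the server is involved.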
Hello Hakan Altındağ, Thank you so much for your quick response. As mentioned, I performed all the required steps. However, it seems to be not working as per the steps. Please find below details - `curl -v --cert client/src/test/resources/client-signed.pem --pass secret --cacert client/src/test/resources/truststore.pem https://localhost:8445/api/hello`
Could you please help me further to debug this issue and run this example using curl command. Thanks,
Could you push all your changes to a forked repo? In that way I am able to easily find the root cause of this failed request.
Hello Hakan Altındağ, I am using the same server side code and the script you mentioned to create the certificates and keystore, truststore etc. There are no changes other than that. Please suggest should I still share the changes? Thanks,
Then I am not quite sure what the cause would be, the only difference I still see is that the port is different within your curl command: Could you check if your server is running on port 8443 or 8445? If it is still not working, let's do a remote session with TeamViewer.
Hello Hakan Altındağ, As mentioned by you earlier, I have pushed all my changes to forked repository - Yes, I am using the server port 8445 in application.yml file for server application. I am basically using server application and curl command as client to fetch the response from server. I have used the script - configure-two-way-authentication-by-trusting-root-ca.sh for setting up all the required pre-requisites, made minor modifications to the script to make it work. Client curl command used is Please help me to make this example work using curl command. Thank you in advance for all your help. Thanks,
Thank you for pushing your code into a separate git repository. I have analysed your changes and I can conclude that the creation of the certificates/keystores is correct. Unfortunately the server project couldn't be built because the pom was not correct. I reverted the changes of the two files below to fix the build for the server: The client is also failing, but after adjusting the following expected After applying these changes and rebuilding it with Please have a look at this video where I show the changes step by step: Debug ishan-aggarwal-muutual-tls-ssl The video will be available in HD quality soon. After your changes within the server project, especially the pom.xml and LogCertificateAspect.java, the server couldn't be built and therefore it was also not able to create the jar. So maybe you were using an older jar file when starting up the server and therefore the curl was also failing. But that is an assumption, I hope the explanation above and the video make sense, please let me know if it is working on your side after applying the changes.
Hello Hakan Altındağ, Thank you so much for this video and all your help. I am facing some build issues with client code. The only difference I could see is you are using jdk 11 whereas in my local environment I am using jdk 8. I will update you the final status of curl command once these issues are resolved. Thanks,
By the way @ishan-aggarwal I have added a gist for the specific commands to transform a keystore into something which will be accepted by the curl command. It is available here for if you need to bookmark it: curl-with-java-keystore.md
Hello Hakan Altındağ
Thank you so much for such a wonderful article.
Could you please help me with the usage of server side program with CA Authority using curl command as client. How can we pass the client certificates in curl command so as to do two way SSL handshake.
Thanks,
Ishan Aggarwal