You are not logged in.

#1 2017-09-06 11:55:18

rdw
Member
Registered: 2012-07-02
Posts: 12

SSL handshake failure

I have been attempting to add a certificate generated by a CA upon my request (using my private key) to my certificate store, so that it is seen by, for example, wget or qutebrowser. Adding in firefox and chromium the PKCS #12 file obtained from the private key and the certificate works fine (the handshake is successful). I added the pem file (renamed to crt) to /etc/ca-certificates/trust-source/anchors/ and ran trust extract-compat, and I believe that this was successful (I see the certificates in /etc/ssl/certs/ca-certificates.crt). However, wget fails with the following output.

GnuTLS: A TLS fatal alert has been received.
GnuTLS: received alert [40]: Handshake failed
Unable to establish SSL connection.

Similarly, openssl appears to fail.

depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root CA
verify return:1
depth=1 C = NL, ST = Noord-Holland, L = Amsterdam, O = TERENA, CN = TERENA SSL CA 3
verify return:1
depth=0 C = NO, L = [snipped], O = [snipped], OU = MK, CN = [snipped]
verify return:1
140011402452864:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1399:SSL alert number 40

Similarly qutebrowser fails with a SSL handshake message.

Any ideas on how to proceed?

Offline

Board footer

Powered by FluxBB