I need to access a Pulse Secure VPN.
Unfortunately the certificate seems self-signed, and the Pulse client refuses to connect to the VPN via command line.
I managed to get the certificate this way:
openssl s_client -connect sslvpn.unina.it:443 |tee my.crt
Then I followed https://wiki.archlinux.org/title/User:G … ertificate:
trust anchor --store my.crt
And updated:
trust anchor --store my.crt ; update-ca-trust
It seems it is present in /etc/ca-certificates/trust-source/ with a .p11-kit extension.
However, a simple test with curl reports:
curl: (60) SSL certificate problem: unable to get local issuer certificate
...but if I give that very same certificate to it via the --cacert option, it works, so it seems it cannot find the certificate by itself, and I failed to install it correctly.
What is the right way to do it?
Thank you in advance.
Last edited by kokoko3k (2022-12-29 12:11:57)
Help me to improve ssh-rdp !
Retroarch User? Try my koko-aio shader !
Offline
The SSL VPN certificate is not self-signed - it's issued by "GEANT OV RSA CA 4", which in turn has been issued by the "USERTrust RSA Certification Authority".
The intermediate certificate seems to be unknown.
Please remove all traces from your earlier attempts and add trust for the GEANT CA (as you correctly did with my.crt).
Offline
I don't know where you gather that info, but my issue, as stated, is that even curl is unable to see that installed certificate.
The very same certificate works with curl if I provide it via curl's own command-line option.
So I still wonder: how to install it correctly?
Offline
> I don't know where you gather that info,
Try this
openssl x509 -in my.crt -noout -text
with the downloaded endpoint certificate.
> but my issue, as stated, is that even curl is unable to see that installed certificate.
curl ignores your "installed" certificate and cannot find the issuer CA (GEANT).
> The very same certificate works with curl if I provide it via curl's own command-line option.
> So I still wonder: how to install it correctly?
Even if this very crude method (forcing the endpoint certificate as a valid CA) works for curl from the command line - the endpoint certificate is neither self-signed nor a CA.
Offline
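The checks discussed in the replies above, as an added example that is not part of the original thread: it builds a throwaway root, intermediate and leaf chain, tests each certificate for "self-signed" and "CA", and reproduces the "unable to get local issuer certificate" error when the intermediate is missing. It assumes the openssl command-line tool is installed; every name and certificate in it is constructed and no real server is contacted.

```shell
#!/bin/sh
# Added example: all names, keys and certificates below are constructed.

# Build a throwaway chain in directory $1: root.crt -> int.crt -> leaf.crt
make_chain() {
  d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n[leaf]\nbasicConstraints=CA:FALSE\n' > "$d/cfg"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/cfg" -extensions ca \
    -subj '/CN=Demo Root CA' -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
  issue "$d" int  'Demo Intermediate CA' ca   root &&
  issue "$d" leaf 'vpn.example.test'     leaf int
}

# issue DIR NAME CN EXT_SECTION SIGNER: create NAME.crt signed by SIGNER
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/cfg" -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$5.crt" -CAkey "$1/$5.key" -CAcreateserial \
    -extfile "$1/cfg" -extensions "$4" -days 2 -out "$1/$2.crt" 2>/dev/null
}

# Self-signed: subject and issuer are the same name (name comparison only).
is_self_signed() {
  [ "$(openssl x509 -noout -subject_hash -in "$1")" = "$(openssl x509 -noout -issuer_hash -in "$1")" ]
}

# A CA certificate carries basicConstraints CA:TRUE.
is_ca() { openssl x509 -noout -text -in "$1" | grep -q 'CA:TRUE'; }

# verify_leaf DIR [extra openssl-verify options]: trust only the root, print the verdict
verify_leaf() {
  d=$1; shift
  openssl verify -CAfile "$d/root.crt" "$@" "$d/leaf.crt" 2>&1
}

demo=$(mktemp -d) && make_chain "$demo" || exit 1
for c in root int leaf; do
  is_self_signed "$demo/$c.crt" && s=yes || s=no
  is_ca "$demo/$c.crt" && a=yes || a=no
  echo "$c.crt: self-signed=$s ca=$a"
done
echo "client has the root only, server sent the leaf only:"
verify_leaf "$demo"
echo "intermediate made available to the client:"
verify_leaf "$demo" -untrusted "$demo/int.crt"
```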