Unable to curl or access the website via any linux OS - selenium

I am trying to curl to a website.
However, the website is showing the error below:
curl: (56) OpenSSL SSL_read: 14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate, errno 0
I am trying to access the website in Selenium via headless Firefox, but I am getting an nssFailure2 error there as well.
I am able to access the same website on Windows via Chrome, and the certificate shows as valid there, but not through any Linux OS.
Any suggestions on what to look into?

Related

Why are we getting "tls handshake error using curl"?

I'm trying to use curl to access a URL of an app we've developed internally, and on the server I'm seeing
http: TLS handshake error from 1.2.3.4 remote error: tls: unknown certificate authority.
This only happens when we hit the endpoint using curl (inside git bash) or wget. When we use IE on Windows it works just fine. I've even tried re-installing git bash using the Native SSL library (which should be the same as IE), but I'm still getting the same error message.
Have even tried downloading the curl-ca-bundle.crt file and saving to the same place as the curl binary, or even directly telling it to use this file with curl --cacert option, but still no joy.
I've compared the root certs that IE is reporting, and the ones in that curl-ca-bundle.crt and they look the same (they don't line up exactly the same, but they have the same text in them between the BEGIN and END markers, one is just wider on the screen and therefore uses fewer lines if that makes sense).
Hopefully someone has ideas what to try next as two of us have been tearing our hair out all afternoon with this.
wget also gives an error message:
$ wget https://bler.com/admin/user
--2018-09-03 15:53:43-- https://bler.com/admin/user
Connecting to 132.146.1.142:8090... connected.
ERROR: cannot verify oss.dns.networks.bt.com's certificate, issued by 'CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US':
Unable to locally verify the issuer's authority.
To connect to oss.dns.networks.bt.com insecurely, use '--no-check-certificate'.
We're using a local proxy server, and HTTP_PROXY is set. It must be using the proxy, as we can see we're hitting the end point.
I also had the same error. This problem occurs when you install only the certificate on a Golang web server. You must use a certificate chain instead.
For example, Letsencrypt gives "cert.pem" and "fullchain.pem". "cert.pem" works in browsers, but curl cannot work with this file (curl: (60) SSL certificate problem: unable to get local issuer certificate). "fullchain.pem" works fine in browsers and curl.

CURL SSL Connect Error during install of Sitelock on Centos 6 server

I am trying to install Sitelock with Plesk 11 on my GoDaddy Centos 6.4 VPS. When I access Sitelock 1.0 through the Applications tab and click the install button I get this error:
Error: Installation of Sitelock failed. Non-zero exit status returned
by script. Output stream: 'CURL error. API request failed with
message:SSL connect error '.
Google does not return a result for this exact error message and none that I can find sound specifically related. I am not familiar with cURL. Digicert indicates the SSL is correctly installed and COMODO SSL Analyzer doesn't indicate any problems. How can I resolve this?

Safari/Firefox or Chrome won't use http/2 yet CURL is fine

I repeated the following using SLES and OS X. I compiled apache 2.4.18, nghttp2-1.8.0 and OpenSSL 1.0.2g and using a recently built version of curl it appears everything is working fine.
curl https://macbookpro.xxxx/ --cacert /usr/local/apache2/conf/ssl/server.crt --verbose
Output from the above shows the connection upgrading to http/2 and the Apache access logs report:
192.168.0.1 - - [20/Mar/2016:15:12:05 +0000] "GET / HTTP/2" 200 45
The certificate chain is all locally generated, with root, intermediary and server certificates, and the following commands report everything is OK
openssl s_client -connect macbookpro:443 -CAfile /usr/local/apache2/conf/ssl/server.crt
However, I just can't get any of my browsers Safari/Firefox or Chrome to utilise http/2.
Firefox 45.01 (with spdy indicator extension)
Safari 6.2.8 (8537.85.17.9.1)
Google Chrome 49.0.2623.87 (64-bit)
The page displays fine, but firefox's spdy indicator extension shows nothing. The access logs all report HTTP/1.1 connections. How do I get http2 working?

CouchDB SSL decode error

I can't get CouchDB working over SSL. The certificates are fine, and indeed I have tested with self signed, and the test certificates for Couch at https://github.com/mochi/mochiweb/blob/master/examples/https/
It's an Ubuntu box, running couch 1.6.1 and the SSL certificates all check out when checked at https://www.digicert.com/help/
The error does not appear when testing via curl, but does when attempting connection from a browser. The error line in the log is:
SSL: certify: tls_connection.erl:375:Fatal error: decode error

Download build files from Nexus, certificate error when running wget, but succeed with browser (Firefox, Chrome)

I've already purchased the SSL certificate from DigiCert and installed it on my Nexus server (running in Tomcat, JKS).
It works well in Firefox and Chrome (the green address bar indicates that a valid certificate was received), and builds can be downloaded from the Nexus WebUI too.
But wget could not get the result without --no-check-certificate,
giving something like
ERROR: cannot verify mydomain.com's certificate, issued by `/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3':
Unable to locally verify the issuer's authority.
To connect to mydomain.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
Found something,
SSL connection fails with wget, curl, but succeed with firefox and lynx
linux wget not certified?
But neither of them gives a final solution. I want to know whether there are some (special) configurations on Nexus, or is this a bug in the wget command?
Google returns many results about "digitcert wget", but I cannot find a clue either. Thank you!
You need to add the DigiCert root certificate to a store accessible by wget:
http://wiki.openwrt.org/doc/howto/wget-ssl-certs