SASL authentication failed; server said: 530 Must issue a STARTTLS command first - amazon-ses

I set up postfix with Lightsail and SES according to this tutorial: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html
When I send emails, the emails in the queue say this:
SASL authentication failed; server email-smtp.ca-central-1.amazonaws.com[99.79.137.249] said: 530 Must issue a STARTTLS command first
I have tried changing different settings for smtp_tls_security_level = dane (current), smtp_tls_security_level = encrypt, smtp_tls_security_level = may but emails still don't go, although the status might change with a different setting.
I can provide more detailed logs if necessary.
Thanks!
logs
Feb 22 13:51:43 ip-172-26-12-131 postfix/smtpd[936667]: connect from unknown[45.142.120.6]
Feb 22 13:51:43 ip-172-26-12-131 postfix/smtpd[934814]: warning: unknown[45.142.120.137]: SASL LOGIN authentication failed: authentication failure
Feb 22 13:51:43 ip-172-26-12-131 postfix/smtpd[934814]: disconnect from unknown[45.142.120.137] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb 22 13:51:46 ip-172-26-12-131 postfix/smtpd[924010]: warning: unknown[45.142.120.84]: SASL LOGIN authentication failed: authentication failure
Feb 22 13:51:46 ip-172-26-12-131 postfix/smtpd[924010]: disconnect from unknown[45.142.120.84] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb 22 13:51:47 ip-172-26-12-131 postfix/pickup[922446]: 0A680BE63C: uid=1000 from=<mail#example.com>
Feb 22 13:51:47 ip-172-26-12-131 postfix/cleanup[939757]: 0A680BE63C: message-id=<20210222185147.0A680BE63C#ip-172-26-12-131.ec2.internal>
Feb 22 13:51:47 ip-172-26-12-131 postfix/qmgr[633056]: 0A680BE63C: from=< mail#example.com >, size=357, nrcpt=1 (queue active)
Feb 22 13:51:47 ip-172-26-12-131 postfix/smtp[939759]: cannot load Certification Authority data, CAfile="/etc/ssl/certs/ca-bundle.crt", CApath="/etc/ssl/certs": disabling TLS support
Feb 22 13:51:47 ip-172-26-12-131 postfix/smtp[939759]: warning: TLS library problem: error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/etc/ssl/certs/ca-bundle.crt','r'):
Feb 22 13:51:47 ip-172-26-12-131 postfix/smtp[939759]: warning: TLS library problem: error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
Feb 22 13:51:47 ip-172-26-12-131 postfix/smtp[939759]: warning: TLS library problem: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:../crypto/x509/by_file.c:199:
Feb 22 13:51:47 ip-172-26-12-131 postfix/smtp[939759]: 0A680BE63C: SASL authentication failed; server email-smtp.ca-central-1.amazonaws.com[35.183.211.80] said: 530 Must issue a STARTTLS command first
Feb 22 13:51:47 ip-172-26-12-131 postfix/smtp[939759]: 0A680BE63C: to=< mail#example.com>, relay=email-smtp.ca-central-1.amazonaws.com[99.79.137.249]:587, delay=20, delays=20/0.02/0.22/0, dsn=4.0.0, status=deferred (SASL authentication failed; server email-smtp.ca-central-1.amazonaws.com[99.79.137.249] said: 530 Must issue a STARTTLS command first)
Feb 22 13:51:49 ip-172-26-12-131 postfix/smtpd[936667]: warning: unknown[45.142.120.6]: SASL LOGIN authentication failed: authentication failure
Feb 22 13:51:49 ip-172-26-12-131 postfix/smtpd[936667]: disconnect from unknown[45.142.120.6] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb 22 13:51:57 ip-172-26-12-131 postfix/postfix-script[939846]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
Feb 22 13:51:57 ip-172-26-12-131 postfix/postfix-script[939973]: warning: /var/spool/postfix/etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/certs/ssl-cert-snakeoil.pem differ
Feb 22 13:52:05 ip-172-26-12-131 postfix/smtpd[927078]: connect from unknown[45.142.120.180]
Feb 22 13:52:08 ip-172-26-12-131 postfix/smtpd[927078]: warning: unknown[45.142.120.180]: SASL LOGIN authentication failed: authentication failure
Feb 22 13:52:08 ip-172-26-12-131 postfix/smtpd[927078]: disconnect from unknown[45.142.120.180] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Feb 22 13:52:12 ip-172-26-12-131 postfix/smtpd[936667]: connect from unknown[45.142.120.15]
Feb 22 13:52:12 ip-172-26-12-131 postfix/smtpd[924703]: connect from unknown[45.142.120.87]
Feb 22 13:52:18 ip-172-26-12-131 postfix/smtpd[924013]: connect from unknown[45.142.120.147]

According to this message:
Feb 22 13:51:47 ip-172-26-12-131 postfix/smtp[939759]: warning: TLS library problem: error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/etc/ssl/certs/ca-bundle.crt','r'):
I suspect you're using Ubuntu Server; the path to the ca-bundle.crt file should be /etc/ssl/certs/ca-certificates.crt
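
The diagnosis above as an added example, not code from the original posts: it ties the postfix/smtp process that logged "disabling TLS support" to the 530 deferrals, then reports which CA bundle path exists on the host. The candidate path list, the sample log lines and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: link the "disabling TLS support" warning to the 530
# deferrals, then look for a CA bundle that actually exists.

# Constructed sample, shaped like the log lines in the question.
sample_log() {
cat <<'EOF'
Feb 22 13:51:47 host postfix/smtp[939759]: cannot load Certification Authority data, CAfile="/etc/ssl/certs/ca-bundle.crt", CApath="/etc/ssl/certs": disabling TLS support
Feb 22 13:51:47 host postfix/smtp[939759]: 0A680BE63C: to=<rcpt@example.com>, relay=smtp.example.net[192.0.2.10]:587, dsn=4.0.0, status=deferred (SASL authentication failed; server smtp.example.net[192.0.2.10] said: 530 Must issue a STARTTLS command first)
Feb 22 13:52:01 host postfix/smtp[939800]: 1B791CF74D: to=<rcpt@example.com>, relay=smtp.example.net[192.0.2.10]:587, dsn=2.0.0, status=sent (250 Ok)
EOF
}

# Print each CAfile path that postfix/smtp reported it could not load.
failed_cafiles() {
    sed -n 's|.*postfix/smtp\[[0-9]*]: cannot load Certification Authority data, CAfile="\([^"]*\)".*|\1|p' "$1" | sort -u
}

# Count deferred deliveries rejected with 530 by smtp processes that had
# already disabled TLS (matched on the process id in brackets).
deferrals_after_tls_disabled() {
    awk '
        match($0, /postfix\/smtp\[[0-9]+]/) {
            pid = substr($0, RSTART, RLENGTH)
            if ($0 ~ /disabling TLS support/) notls[pid] = 1
            else if (notls[pid] && $0 ~ /status=deferred/ && $0 ~ /530 Must issue a STARTTLS/) n++
        }
        END { print n + 0 }
    ' "$1"
}

# Return the first candidate under optional prefix $1 that is readable and
# holds PEM certificates. The list is an assumption: the Debian/Ubuntu and
# RHEL-family defaults plus the path named in the log.
first_usable_bundle() {
    for p in /etc/ssl/certs/ca-certificates.crt \
             /etc/pki/tls/certs/ca-bundle.crt \
             /etc/ssl/certs/ca-bundle.crt; do
        if [ -r "$1$p" ] && grep -q 'BEGIN CERTIFICATE' "$1$p"; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

log=$(mktemp)
sample_log > "$log"
echo "unloadable CAfile: $(failed_cafiles "$log")"
echo "530 deferrals after TLS was disabled: $(deferrals_after_tls_disabled "$log")"
if bundle=$(first_usable_bundle ""); then
    # Printed for review only; nothing is changed on the system.
    echo "candidate fix: postconf -e 'smtp_tls_CAfile = $bundle' && postfix reload"
else
    echo "no CA bundle found; install the distribution's CA certificates package"
fi
rm -f "$log"
```

Point the functions at the real mail log instead of the sample to run the same check on a live host.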

Related

openssl s_client:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

I'm trying to connect to an SSL server from Linux but it does not work.
I need to auth by a client certificate from a Windows client http (C# httpwebrequest) but it does not work.
So I have tried using an internal reverse proxy with Linux/Apache (it does the client authentication) but it does not work. Here is the configuration:
<VirtualHost host:443>
    ServerName host:443
    # SRV SSL
    SSLEngine On
    SSLCertificateFile /cert.cer
    SSLCertificateKeyFile /cert.key
    # REVERSE PROXY
    SSLProxyEngine On
    ProxyPass / https://host:443/
    ProxyPassReverse / https://host:443/
    ProxyRequests Off
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    # CLIENT CERT AUTHENTICATION (crt and key concatenated, WITHOUT password)
    SSLProxyMachineCertificateFile "/cert.crt.key"
    # Log Dev
    TransferLog logs/test.ssl_access_log
    ErrorLog logs/test.ssl_error_log
    # DEBUG
    <IfModule mod_ssl.c>
        ErrorLog logs/ssl_engine.log
        LogLevel debug
    </IfModule>
</VirtualHost>
And here is the ssl_engine.log:
[Sat Mar 03 18:23:06.813995 2018] [proxy:debug] [pid 5892] proxy_util.c(2798): AH02824: HTTPS: connection established with xxx.xxx.xxx.xxx:443 (host)
[Sat Mar 03 18:23:06.814011 2018] [proxy:debug] [pid 5892] proxy_util.c(2938): AH00962: HTTPS: connection complete to xxx.xxx.xxx.xxx:443 (host)
[Sat Mar 03 18:23:06.814015 2018] [ssl:info] [pid 5892] [remote xxx.xxx.xxx.xxx:443] AH01964: Connection to child 0 established (server localhost:443)
[Sat Mar 03 18:23:06.844164 2018] [ssl:info] [pid 5892] [remote xxx.xxx.xxx.xxx:443] AH02003: SSL Proxy connect failed
[Sat Mar 03 18:23:06.844212 2018] [ssl:info] [pid 5892] SSL Library Error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
[Sat Mar 03 18:23:06.844219 2018] [ssl:info] [pid 5892] [remote xxx.xxx.xxx.xxx:443] AH01998: Connection closed to child 0 with abortive shutdown (server localhost:443)
[Sat Mar 03 18:23:06.844234 2018] [ssl:info] [pid 5892] [remote xxx.xxx.xxx.xxx:443] AH01997: SSL handshake failed: sending 502
[Sat Mar 03 18:23:06.844250 2018] [proxy_http:error] [pid 5892] (103)Software caused connection abort: [client 172.20.6.150:56860] AH01102: error reading status line from remote server host:443
[Sat Mar 03 18:23:06.844275 2018] [proxy_http:debug] [pid 5892] mod_proxy_http.c(1363): [client 172.20.6.150:56860] AH01105: NOT Closing connection to client although reading from backend server host:443 failed.
[Sat Mar 03 18:23:06.844280 2018] [proxy:error] [pid 5892] [client 172.20.6.150:56860] AH00898: Error reading from remote server returned by /recette/tib/depotGreffe/C0002A0121L091616D20180129H100031TDEDOCPCFEC.zip
[Sat Mar 03 18:23:06.844292 2018] [proxy:debug] [pid 5892] proxy_util.c(2218): AH00943: HTTPS: has released connection for (host)
[Sat Mar 03 18:23:06.844483 2018] [ssl:info] [pid 5892] [client 172.20.6.150:56860] AH01992: SSL library error 1 reading data
[Sat Mar 03 18:23:06.844497 2018] [ssl:info] [pid 5892] SSL Library Error: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
[Sat Mar 03 18:23:07.054533 2018] [proxy:debug] [pid 5893] proxy_util.c(1843): AH00925: initializing worker https://host/ shared
[Sat Mar 03 18:23:07.054583 2018] [proxy:debug] [pid 5893] proxy_util.c(1885): AH00927: initializing worker https://host/ local
[Sat Mar 03 18:23:07.054597 2018] [proxy:debug] [pid 5893] proxy_util.c(1936): AH00931: initialized single connection worker in child 5893 for (host)
[Sat Mar 03 18:23:11.849565 2018] [ssl:info] [pid 5892] (70007)The timeout specified has expired: [client 172.20.6.150:56860] AH01991: SSL input filter read failed.
[Sat Mar 03 18:23:11.849662 2018] [ssl:debug] [pid 5892] ssl_engine_io.c(993): [client 172.20.6.150:56860] AH02001: Connection closed to child 4 with standard shutdown (server localhost:443)
[Sat Mar 03 18:23:52.003050 2018] [ssl:info] [pid 5888] [client 172.20.7.77:53311] AH01964: Connection to child 0 established (server localhost:443)
[Sat Mar 03 18:23:52.019141 2018] [ssl:debug] [pid 5888] ssl_engine_kernel.c(1823): [client 172.20.7.77:53311] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Sat Mar 03 18:23:52.019411 2018] [ssl:debug] [pid 5888] ssl_engine_io.c(993): [client 172.20.7.77:53311] AH02001: Connection closed to child 0 with standard shutdown (server localhost:443)
[Sat Mar 03 18:24:52.001523 2018] [ssl:info] [pid 5889] [client 172.20.7.77:53884] AH01964: Connection to child 1 established (server localhost:443)
[Sat Mar 03 18:24:52.016324 2018] [ssl:debug] [pid 5889] ssl_engine_kernel.c(1823): [client 172.20.7.77:53884] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Sat Mar 03 18:24:52.018222 2018] [ssl:debug] [pid 5889] ssl_engine_io.c(993): [client 172.20.7.77:53884] AH02001: Connection closed to child 1 with standard shutdown (server localhost:443)
[Sat Mar 03 18:25:52.000848 2018] [ssl:info] [pid 5890] [client 172.20.7.77:54435] AH01964: Connection to child 2 established (server localhost:443)
[Sat Mar 03 18:25:52.018430 2018] [ssl:debug] [pid 5890] ssl_engine_kernel.c(1823): [client 172.20.7.77:54435] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Sat Mar 03 18:25:52.018656 2018] [ssl:debug] [pid 5890] ssl_engine_io.c(993): [client 172.20.7.77:54435] AH02001: Connection closed to child 2 with standard shutdown (server localhost:443)
I have tried many tests with curl (with client auth options) but nothing works:
curl -v -k --cert /cert.crt.key https://host/path
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
* Cannot communicate securely with peer: no common encryption algorithm(s).
* Closing connection 0
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).
I have dumped the traffic using tcpdump and analysed it with ssldump, and I see a handshake failure (only a client hello but no server hello):
ssldump -nr /trace.cap
New TCP connection #1: 172.20.7.85(44122) <-> xxx.xxx.111.106(443)
1 1 0.1201 (0.1201) C>S Handshake
ClientHello
Version 3.3
cipher suites
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Unknown value 0xcca9
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Unknown value 0xcca8
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Unknown value 0xccaa
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
compression methods
NULL
1 2 0.1507 (0.0305) S>C Alert
level fatal
value handshake_failure
1 0.1508 (0.0000) C>S TCP FIN
1 0.1803 (0.0294) S>C TCP FIN
It seems I never get the "server hello" from the server and so never get the server cipher.
I'm trying with the openssl client like this:
openssl s_client -connect host:443 -cert /mycert.pem -key /mycert.key -debug -state
SSL_connect:SSLv2/v3 write client hello A
read from 0xc48060 [0xc7dc00] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 28 ......(
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
140342855083936:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1520095823
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
I have also tried with wget:
wget -v -d --secure-protocol=TLSv1 --no-check-certificate --certificate=/cert.pem --private-key=/cert.key https://host
URI encoding = «UTF-8»
Created socket 3.
Releasing 0x0000000002538850 (new refcount 1).
Initiating SSL handshake.
SSL handshake failed.
OpenSSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Closed fd 3
Incapable d'établir une connexion SSL.
Files are in PEM base64 format and have no encryption password.
I have added the CA authority certificates for both the remote SSL server and the client authentication certificate (intranet CA) to the ca-bundle (Red Hat).
It seems to work with Internet Explorer (using only TLS 1.0)!!
Can anyone help me? Can the certificate (SSL server or client auth) be the problem or not (because the handshake stops after 'client hello')?
I'm going to try with Fiddler as an HTTPS proxy server from Windows IE...
Thank you

Unable to configure RSA server private key

I don't understand what's happening on my server. Just below is the ssl_error_log:
[Sat Sep 30 00:51:07 2017] [warn] RSA server certificate CommonName (CN) `www.website.com' does NOT match server name!?
[Sat Sep 30 01:33:05 2017] [warn] RSA server certificate CommonName (CN) `website.com' does NOT match server name!?
[Sat Sep 30 01:33:05 2017] [error] Unable to configure RSA server private key
[Sat Sep 30 01:33:05 2017] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
I don't understand why the check was done on www.website.com and now on website.com...
I'm not an expert on web but I want to understand this problem. Which information do I have to look at?
Best regards,
robin

NSS Apache SSL Incorrect Password

I'm setting up NSS for my Apache server but I'm running into an error. I feel like this is a really easy fix that I'm overlooking.
Here's my Apache error log:
[Tue Mar 21 16:09:13 2017] [error] Password for slot internal is incorrect.
[Tue Mar 21 16:09:13 2017] [error] NSS initialization failed. Certificate database: /etc/apache2/nssdb/.
[Tue Mar 21 16:09:13 2017] [error] SSL Library Error: -8177 The security password entered is incorrect
[Tue Mar 21 16:14:22 2017] [error] Password for slot internal is incorrect.
[Tue Mar 21 16:14:22 2017] [error] NSS initialization failed. Certificate database: /etc/apache2/nssdb/.
[Tue Mar 21 16:14:22 2017] [error] SSL Library Error: -8177 The security password entered is incorrect
[Tue Mar 21 16:24:25 2017] [error] Password for slot internal is incorrect.
[Tue Mar 21 16:24:25 2017] [error] NSS initialization failed. Certificate database: /etc/apache2/nssdb/.
[Tue Mar 21 16:24:25 2017] [error] SSL Library Error: -8177 The security password entered is incorrect
[Tue Mar 21 16:29:00 2017] [error] Password for slot internal is incorrect.
[Tue Mar 21 16:29:00 2017] [error] NSS initialization failed. Certificate database: /etc/apache2/nssdb/.
[Tue Mar 21 16:29:00 2017] [error] SSL Library Error: -8177 The security password entered is incorrect
I checked apachectl -t, here is the output:
[Tue Mar 21 17:16:23 2017] [warn] module proxy_module is already loaded, skipping
[Tue Mar 21 17:16:23 2017] [warn] module proxy_http_module is already loaded, skipping
[Tue Mar 21 17:16:23 2017] [warn] module proxy_module is already loaded, skipping
[Tue Mar 21 17:16:23 2017] [warn] module proxy_http_module is already loaded, skipping
Syntax error on line 1 of /etc/apache2/conf.d/NSSPin.conf:
Invalid command 'token:password', perhaps misspelled or defined by a module not included in the server configuration
Here is my nss.conf file:
NSSPassPhraseDialog file:/etc/apache2/conf.d/NSSPin.txt
NSSPassPhraseHelper /usr/sbin/nss_pcache
I've tried multiple combinations of NSSPassPhraseDialog with file, exec, "password", password. In my /etc/apache2/conf.d/NSSPin.txt file (the file that NSSPassPhraseDialog is being linked to) I've tried "password", password, toke:password, token:"password", internal:password, internal:"password". I'm not really sure what else to do.

Bluemix Secure Gateway Client TLS failing

We are facing an issue on the client side TLS. As you see below the handshake is done properly but then there is no more data sent from the SG client so the connection is closed.
To test I am using this link https://caplonsgprd-x.integration.ibmcloud.com:xxxx/PATH/ to initiate the request which reaches the client configured for TLS and then I see the below in the logs:
[Wed Sep 30 14:22:13 2015] [debug] ssl_engine_kernel.c(1907): OpenSSL: Handshake: done
[Wed Sep 30 14:22:13 2015] [info] Connection: Client IP: xx.xx.xx.xx, Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Wed Sep 30 14:22:13 2015] [debug] mod_monitoring.c(213): monitor: Update counters for event 'tls:handshake:done'
[Wed Sep 30 14:22:13 2015] [debug] MonitoringCounter.c(375): monitor: MonitoringCounter_updateCounter (null) TLS_HandshakeSucceed 1
[Wed Sep 30 14:22:13 2015] [debug] mod_monitoring.c(213): monitor: Update counters for event 'tls:handshake:exit'
[Wed Sep 30 14:22:13 2015] [debug] ssl_engine_io.c(1952): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f5eb00011e0 [mem: 7f5ef0751de3] -> Here we expected the client to send the applicative data which is the HTTPS request with the PATH.
[Wed Sep 30 14:22:13 2015] [info] [client xx.xx.xx.xx] (70014)End of file found: SSL input filter read failed.
I've gone through the flow in Bluemix US of creating a TCP destination to mongodb with client side TLS enabled with a self signed cert.
If the cert is uploaded, it looks like the client needs to be restarted to pick up the cert and use it. Once the client is restarted, the cert should be recognized and I was able to connect to my SSL enabled mongodb.
Edit:
Secure Gateway does not currently support multiple client TLS CA files to be uploaded, so the client will fail to connect if the chain consists of more than one CA cert.

Apache to weblogic ssl connection failure

Whenever a request comes to the Apache server, it is not able to fulfill it. I am getting the following error in the Apache error logs:
[Fri Nov 21 18:02:02 2014] [info] [client 10.246.86.135] Connection to child 75 established (server myserver.com:443)
[Fri Nov 21 18:02:02 2014] [info] Seeding PRNG with 1024 bytes of entropy
[Fri Nov 21 18:02:02 2014] [debug] ssl_engine_kernel.c(1871): OpenSSL: Handshake: start
[Fri Nov 21 18:02:02 2014] [debug] ssl_engine_kernel.c(1879): OpenSSL: Loop: before/accept initialization
[Fri Nov 21 18:02:02 2014] [debug] ssl_engine_io.c(1947): OpenSSL: I/O error, 11 bytes expected to read on BIO#7f94c4001360 [mem: 7f950c024bd0]
[Fri Nov 21 18:02:02 2014] [debug] ssl_engine_kernel.c(1908): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Fri Nov 21 18:02:02 2014] [info] [client 10.246.86.135] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Fri Nov 21 18:02:02 2014] [info] [client 10.246.86.135] Connection closed to child 75 with abortive shutdown (server myserver.com:443)
Tried to establish connectivity to the server, got the following outputs:
user#server: openssl s_client -connect 10.246.86.142:8444 -state -nbio
CONNECTED(00000003)
turning on non blocking io
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
write R BLOCK
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
140342456735560:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 263 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Also
user#server: wget https://10.246.86.142:8444 --debug
DEBUG output created by Wget 1.12 on linux-gnu.
--2014-11-21 17:57:39-- https://10.246.86.142:8444/
Connecting to 10.246.86.142:8444... connected.
Created socket 3.
Releasing 0x0000000001b6a2a0 (new refcount 0).
Deleting unused 0x0000000001b6a2a0.
Initiating SSL handshake.
SSL handshake failed.
OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Closed fd 3
Unable to establish SSL connection.
Any ideas what might be going wrong? All the certificates are in place and are valid.
It was an issue with the certificate at the WebLogic end. The certificate was missing the key usage 'key encipherment'.
When a certificate with the key encipherment usage was imported at the WebLogic end, the connection was successful.