MQCONNX FAILED WITH mqrc 2393 ssl initialization error - ssl

I tried to use amqsslc sample program on MQ but it’s failing with MQCONNX FAILED WITH mqrc 2393 ssl initialization error
MQ version is 9
Cipher spec used is TLS 1.2 AES 256 SHA 256
JRE version : IBM : version 8
./amqssslc -m TEST -c TEST.ASL -x 'localhost(4540)' -k "/var/mqm/qmgrs/TEST/ssl/key" -s TLS_RSA_WITH_AES_256_CBC_SHA256

Related

wget for windows error: tlsv1 alert protocol version Unable to establish SSL connection

I am trying to use the wget binary for windows, in order to download an entire website onto a USB drive. I tried to run the following wget command, but it just failed. I don't know why. I don't know how to read the following error message.
with http:
E:\gardening> wget --mirror --convert-links --html-extension --no-timestamping --no-clobber -erobots=off --page-requisites --user-agent=Mozilla http://www.eattheweeds.com/
--2022-07-12 17:48:33-- http://www.eattheweeds.com/
Resolving www.eattheweeds.com... 45.60.22.231
Connecting to www.eattheweeds.com|45.60.22.231|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.eattheweeds.com/ [following]
--2022-07-12 17:48:33-- https://www.eattheweeds.com/
Connecting to www.eattheweeds.com|45.60.22.231|:443... connected.
OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Unable to establish SSL connection.
with https:
E:\gardening> wget --mirror --convert-links --html-extension --no-timestamping --no-clobber -erobots=off --page-requisites --user-agent=Mozilla https://www.eattheweeds.com/
--2022-07-12 17:45:38-- https://www.eattheweeds.com/
Resolving www.eattheweeds.com... 45.60.22.231
Connecting to www.eattheweeds.com|45.60.22.231|:443... connected.
OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Unable to establish SSL connection.
I got my wget from this website.
https://sourceforge.net/projects/gnuwin32/files/wget/1.11.4-1/wget-1.11.4-1-setup.exe/download?use_mirror=cfhcable
Could my version of wget have something to do with this?
GNU Wget 1.11.4
Copyright (C) 2008 Free Software Foundation, Inc
Edit:
I downloaded wget version GNU Wget 1.21.3 built on mingw32 and it worked!
https://eternallybored.org/misc/wget/
https://builtvisible.com/download-your-website-with-wget/
The problem is that your version of wget does not support new versions of TLS, and the website needs TLS v1.1 or 1.2. As you found, you need a new version of wget.
As you use Windows, next time it may be wise to use PowerShell, which has an incorporated version of wget.

Tutorial not working on Mac or Linux

When trying out this tutorial => https://redis.io/topics/encryption
I keep getting this error on my local Mac and remote Linux:
Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (conn: fd=11)
The only difference is I run the command like this:
sudo ./src/redis-server /etc/redis/redis-6.2.6.conf
redis-6.2.6.conf
tls-cert-file /Users/dwesley/Documents/redis-6.2.6/tests/tls/redis.crt
tls-key-file /Users/dwesley/Documents/redis-6.2.6/tests/tls/redis.key
tls-ca-cert-file /Users/dwesley/Documents/redis-6.2.6/tests/tls/ca.crt
tls-dh-params-file /Users/dwesley/Documents/redis-6.2.6/tests/tls/redis.dh
tls-port 6379
tls-replication yes
tls-cluster yes
The certs got corrupted somehow on generation; it works with properly generated certs.

SERVER_HELLO:unknown protocol Unable to establish SSL connection (windows)

wget -A pdf -m -p -E -k -K -nd https://www.ceratizit.com/
I am trying to run this command on Windows CMD but I keep getting an error that:
SYSTEM_WGETRC = c:/progra~1/wget/etc/wgetrc
syswgetrc = C:\Program Files (x86)\GnuWin32/etc/wgetrc
--2021-07-07 10:03:45-- https://www.ceratizit.com/
Resolving www.ceratizit.com... 2.16.128.209, 2.16.128.225
Connecting to www.ceratizit.com|2.16.128.209|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.
The same command works on linux but not on Windows. What can I try?
GNU Wget 1.11.4

Redis 6 with TLS

I am trying to get Redis 6 (with TLS enabled during compilation, tests after compilation were successful) to work. I am using a Let's Encrypt certificate and the following configuration:
tls-port 63790
tls-cert-file /etc/letsencrypt/live/myserver.net/cert.pem
tls-key-file /etc/letsencrypt/live/myserver.net/privkey.pem
tls-ca-cert-dir /etc/letsencrypt/live/myserver.net/
tls-auth-clients no
tls-protocols "TLSv1.2 TLSv1.3"
and this client command from localhost
redis-cli --tls --cert /etc/letsencrypt/live/myserver.net/cert.pem --key /etc/letsencrypt/live/myserver.net/privkey.pem --cacert /etc/letsencrypt/live/myserver.net/fullchain.pem -h myserver.net -p 63790 -a password
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
Could not connect to Redis at myserver.net:63790: SSL_connect failed: certificate verify failed
This is the output from the Redis log:
Error accepting a client connection: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
When I use the openssl client with the same certificates, I am able to connect and get a ping reply from the Redis server.
No matter if I change
tls-ca-cert-dir /etc/letsencrypt/live/myserver.net/
to
tls-ca-cert
on server side
or
--cacert /etc/letsencrypt/live/myserver.net/fullchain.pem to chain.pem on client side
I tried all versions of
tls-protocols ""
and change
tls-auth-clients no
to
tls-auth-clients optional
but I am still stuck with the same error
OpenSSL version is 1.1.1
Redis version is 6.0.8
OS: Ubuntu 20.04
Can you help me find out the reason why TLS is not working, please?
Thank you
Wil
Ahh, SOLVED!
I was putting the wrong CA chain. I had to chain the root and intermediate certs downloaded from the LE website into a new file. It may come in handy for someone with the same problem.
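
The hex code in each OpenSSL error quoted in the posts above (1407742E, 1408F10B, 140770FC, 14094418) packs library, function and reason numbers, and a reason of 1000 or more means the peer sent a TLS alert rather than the local side failing to parse what it received. The following Python decoder is an added example, not code from any of the posts; it assumes the OpenSSL 1.x code layout (8/12/12 bits), and the names `decode` and `SslError` are made up for illustration.

```python
import re
from typing import NamedTuple, Optional

# TLS alert descriptions (RFC 5246, section 7.2); subset seen during handshakes.
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 47: "illegal_parameter", 48: "unknown_ca",
    49: "access_denied", 50: "decode_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error",
}
ALERT_REASON_OFFSET = 1000  # OpenSSL's SSL_AD_REASON_OFFSET
ERR_LIB_SSL = 20            # library number 0x14

class SslError(NamedTuple):
    lib: int
    func: int
    reason: int
    text: str
    alert: Optional[str]  # alert received from the peer, or None for a local error

_ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^()\n]*)")

def decode(line: str) -> Optional[SslError]:
    """Split an OpenSSL 1.x 'error:XXXXXXXX:lib:func:reason' string into fields."""
    m = _ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= ALERT_REASON_OFFSET:
        n = reason - ALERT_REASON_OFFSET
        alert = TLS_ALERTS.get(n, f"alert_{n}")
    return SslError(lib, func, reason, m.group(4).strip(), alert)

# Error lines copied from the posts on this page.
SAMPLES = [
    "OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version",
    "Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (conn: fd=11)",
    "OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol",
    "Error accepting a client connection: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca",
]

if __name__ == "__main__":
    for s in SAMPLES:
        e = decode(s)
        origin = f"peer sent alert {e.alert}" if e.alert else "raised locally"
        print(f"reason={e.reason:4d}  {e.text!r}: {origin}")
```

For the Redis 6 log line the decoded alert is unknown_ca received by the server, meaning the rejection was made by the connecting client, which matches the "certificate verify failed" message printed by redis-cli.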

CHECK_NRPE: Error - Could not complete SSL handshake with nsclient++

I'm using NRPE (v2.15) on my Icinga-Server to check the memory usage on a windows host with nsclient++ (v0.4.3.143).
Unluckily I always get the same error message when I try to check it:
./check_nrpe -H host01 -p 5666 -c CheckMem -a MaxWarn=95% MaxCrit=98% ShowAll type=physical
CHECK_NRPE: Error - Could not complete SSL handshake.