HPE Community
Operating System - HP-UX
1777016 Members
1850 Online
109062 Solutions
New Discussion юеВ

HTTPS over SSL for the product HP-UX

 
SOLVED
Go to solution
PK_1975
Frequent Advisor

тАО05-08-2008 01:00 PM

тАО05-08-2008 01:00 PM

HTTPS over SSL for the product HP-UX

Hi

Can anyone help in
HP-UX, that connects to an HTTPS site through SSL

0 Kudos
Reply
28 REPLIES 28
Steven Schweda
Honored Contributor

тАО05-08-2008 02:13 PM

тАО05-08-2008 02:13 PM

Solution

Re: HTTPS over SSL for the product HP-UX

Use a Web browser or wget?

Do you want an HTTPS client or an HTTPS
server on HP-UX?

What, exactly, are you trying to do?
Reply
PK_1975
Frequent Advisor

тАО05-09-2008 05:47 AM

тАО05-09-2008 05:47 AM

Re: HTTPS over SSL for the product HP-UX

Actually we are tranfering the files through ftp now we would like to tranfer files through secure site ie HTTPS through SSL.
0 Kudos
Reply
PK_1975
Frequent Advisor

тАО05-09-2008 06:03 AM

тАО05-09-2008 06:03 AM

Re: HTTPS over SSL for the product HP-UX

Actually we are tranfering the files through ftp now we would like to tranfer files through secure site ie HTTPS through SSL.

so we want to use web-browser.

Can u give me the solution
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО05-09-2008 10:11 AM

тАО05-09-2008 10:11 AM

Re: HTTPS over SSL for the product HP-UX

If you want to replace FTP with something
more secure, you might look at SFTP or SCP.

man ssh
man sftp
man scp

> so we want to use web-browser.

Really? That sounds harder than using SFTP.

> Can u give me the solution

If you really want to use HTTPS, the details
would depend on the answer to this old
question:

> Do you want an HTTPS client or an HTTPS
> server on HP-UX?

But I'd expect SFTP (or SCP) to be easier to
adopt.
Reply
PK_1975
Frequent Advisor

тАО05-09-2008 10:37 AM

тАО05-09-2008 10:37 AM

Re: HTTPS over SSL for the product HP-UX

I want to use HTTPS

so i need HTTPS client on HP-UX
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО05-09-2008 10:44 PM

тАО05-09-2008 10:44 PM

Re: HTTPS over SSL for the product HP-UX

The default installations of HP-UX have contained a version of Netscape/Mozilla/Firefox web browser since HP-UX 10.20. Look into /opt/netscape, /opt/mozilla and/or /opt/firefox as appropriate.

If you don't have it installed, see:
http://www.hp.com/go/firefox

Of course running a GUI-based browser requires that you have X Window System working.

If you are planning to create a script to automate the downloading of some files, a command-line tool like wget would be a much simpler solution.

Wget is available from the Porting Archive:
http://hpux.cs.utah.edu/hppd/hpux/Gnu/wget-1.11.1/

Note that to make it work, you must install the packages listed as Run-Time Dependencies first.

MK
MK
Reply
PK_1975
Frequent Advisor

тАО05-12-2008 09:04 AM

тАО05-12-2008 09:04 AM

Re: HTTPS over SSL for the product HP-UX

Thanks for ur information.

I need some more information with OpenSSL, because we already installed on our HP-UX systems it appears, and might be able to do the command line retrieves and transmits.
0 Kudos
Reply
Tim Nelson
Honored Contributor

тАО05-12-2008 09:07 AM

тАО05-12-2008 09:07 AM

Re: HTTPS over SSL for the product HP-UX

Check out cURL at software.hp.com

This will allow ftp over ssl ( a.k.a ftps )programatically.

Reply
PK_1975
Frequent Advisor

тАО05-12-2008 09:17 AM

тАО05-12-2008 09:17 AM

Re: HTTPS over SSL for the product HP-UX


As you said this will allow ftp over ssl
but we need https over ssl


"I need some more information with OpenSSL, because we already installed on our HP-UX systems it appears, and might be able to do the command line retrieves and transmits."
0 Kudos
Reply
Heironimus
Honored Contributor

тАО05-12-2008 09:52 AM

тАО05-12-2008 09:52 AM

Re: HTTPS over SSL for the product HP-UX

OpenSSL is a low-level SSL toolkit and is not intended to be used directly for making HTTPS client connections. You should use wget, curl, or one of the other utilities that was designed for that. Many (most?) of those tools will rely on OpenSSL's libraries for their SSL capabilities, but the OpenSSL command-line tool is really only used directly for managing keys/certificates and connection troubleshooting.
Reply
PK_1975
Frequent Advisor

тАО05-12-2008 10:13 AM

тАО05-12-2008 10:13 AM

Re: HTTPS over SSL for the product HP-UX

When i checked cURL in software.hp.com, i have seen 3 option.

HP-UX Internet Express for HP-UX 11i v1
HP-UX Internet Express for HP-UX 11i v2
HPUX Internet Express for HP-UX 11i v3

My version of the OpenSSL is 0.9.7d

So suggest me which one can i use
0 Kudos
Reply
Tim Nelson
Honored Contributor

тАО05-12-2008 10:49 AM

тАО05-12-2008 10:49 AM

Re: HTTPS over SSL for the product HP-UX

What version of HPUX are you running ??

11iv1, 11iv2 or 11iv3 ??????

Reply
PK_1975
Frequent Advisor

тАО05-14-2008 10:54 AM

тАО05-14-2008 10:54 AM

Re: HTTPS over SSL for the product HP-UX

Hi

We installed cURL, could u give me advise how to use curl to retrieve and push data to that https site?
0 Kudos
Reply
PK_1975
Frequent Advisor

тАО05-14-2008 10:54 AM

тАО05-14-2008 10:54 AM

Re: HTTPS over SSL for the product HP-UX

Hi

We installed cURL, could u give me advise how to use curl to retrieve and push data to the remote https site?
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО05-14-2008 12:06 PM

тАО05-14-2008 12:06 PM

Re: HTTPS over SSL for the product HP-UX

> [...] push data to the remote https site?

HTTPS (Hypertext Transfer Protocol Secure, or
Hypertext Transfer Protocol over SSL, if you
prefer), like HTTP, involves a client program
(like a Web browser or wget or cURL) sending
requests to an HTTPS server (like Apache),
which then acts upon that request. Unlike
FTP (or SFTP), it was not intended as a
general file transfer protocol. Fetching a
file is pretty easy, but sending one requires
some cooperation from the HTTPS server.

Even with FTP, most servers are more willing
to send a file than to accept one. With
HTTP[S], it's even harder.

> What, exactly, are you trying to do?

Still waiting for a clear answer to that one.
Hint: It's often more productive to list your
actual requirements ("I need to send files
securely from system X to system Y.") than it
is to ask how to implement some arbitrary
(sub-ideal) implementation of some arbitrary
(sub-ideal) solution ("HTTPS").
Reply
PK_1975
Frequent Advisor

тАО05-14-2008 12:11 PM

тАО05-14-2008 12:11 PM

Re: HTTPS over SSL for the product HP-UX

actually i need to install any browser in machine? to transfer the file from system x to system y.

and can u give some command on unix to access
0 Kudos
Reply
PK_1975
Frequent Advisor

тАО05-14-2008 03:08 PM

тАО05-14-2008 03:08 PM

Re: HTTPS over SSL for the product HP-UX

Hi

How to install .pfx files in HP-UX, could u provide the command and also how we will send file and receive file from the remote system by using curl command line
0 Kudos
Reply
PK_1975
Frequent Advisor

тАО05-15-2008 12:07 PM

тАО05-15-2008 12:07 PM

Re: HTTPS over SSL for the product HP-UX

Hi

tell now no one given me the answer to my request.

I intall the .pkx file in unix and trying to connect the remote site, but it is not connecting here is the error. Please respond to my request and give steps to resolve from this problem

Here is the error

29394:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
29394:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
0 Kudos
Reply
PK_1975
Frequent Advisor

тАО05-15-2008 12:08 PM

тАО05-15-2008 12:08 PM

Re: HTTPS over SSL for the product HP-UX

Hi


I intall the .pkx file in unix and trying to connect the remote site, but it is not connecting here is the error. Please respond to my request and give steps to resolve from this problem

Here is the error

29394:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
29394:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО05-15-2008 04:03 PM

тАО05-15-2008 04:03 PM

Re: HTTPS over SSL for the product HP-UX

> Please respond to my request [...]

> > What, exactly, are you trying to do?

> Still waiting for a clear answer to that one.

Please respond to mine.

I don't know exactly what you're trying to
do. This makes it hard to offer useful
advice.

> [...] to transfer the file from system x to
> system y.

What are "system x" and "system y"? At which
one are you? What software is available at
the other one? Transfer which way(s)?

> [...] .pfx files [...]

What are they?

> [...] the .pkx file [...]

What's that?

> Here is the error [...]

And what did you do to get this error?
Reply
PK_1975
Frequent Advisor

тАО05-19-2008 09:03 AM

тАО05-19-2008 09:03 AM

Re: HTTPS over SSL for the product HP-UX

HI

I got the .pfx file from the customer,
converted into .pem file by using the command
openssl pkcs12 -in .pfx -out .pem
i given the PEM pass phares for that

i tried to connect the customer site
openssl s_client -connect host:port
it is not connecting

curl https://host:port
the error is "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure"

can anyone helpme to install the .pfx file
and how to connect the client site.

Thanks

0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО05-19-2008 07:06 PM

тАО05-19-2008 07:06 PM

Re: HTTPS over SSL for the product HP-UX

OK, now that looks like some good information.

If the .pfx file required a pass phrase, it contains not only a SSL certificate, but also a SSL private key. Apparently your customer requires you, a SSL client in the context of this connection, to authenticate using a "SSL client certificate". This is a not-so-common way to use SSL, but certainly possible.

If your "openssl pkcs12" command was successful, the .pem file should now contain two segments, like this:

-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----

and:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

The CERTIFICATE segment may be before or after the PRIVATE KEY segment; the order is not important.

You must now tell "openssl s_client" and "curl" that you have a client certificate that you are willing to use for authentication.
To do that, you must use the "-cert " option with the "openssl s_client" command, i.e.:

openssl s_client -cert YourCertificateFile.pem -connect host:port

This takes care of one half of the authentication problem: when your client presents the certificate to the remote server, the remote server can be assured that you have legitimate business with it.
The s_client command will also display the certificate of the remote server. You can store it and use it later to confirm that you're still accessing the same server, i.e. nobody is trying to redirect your connection to a malicious server.

But the "openssl s_client" will only allow you to confirm that the connection works; it will not actually transfer any files without a major extra effort. To transfer files, you need curl or something similar.

To download files from the remote server, use curl like this:

curl --cert YourCertificateFile.pem https://host:port/path/filename

To upload files to the remote server, you need to know one more thing: which HTTP(S) method you're supposed to use in sending the data? The choices are POST and PUT. PUT is better suited for file transfer, but POST is much more widely supported.

To upload using HTTP(S) PUT method:

curl --cert YourCertificateFile.pem -T localfile https://host:port/path/

or, if you want to specify the remote filename:

curl --cert YourCertificateFile.pem -T localfile https://host:port/path/remotefile


To upload using the POST method, you would use:

curl --cert YourCertificateFile.pem --data-binary @localfile https://host:port/path/destination

If you're supposed to use the POST method in sending data, your client should have given you the *exact* destination URL to use. If you change *anything* in the POST destination URL, your data may not get processed correctly at the remote end.

MK
MK
Reply
PK_1975
Frequent Advisor

тАО05-20-2008 03:32 AM

тАО05-20-2008 03:32 AM

Re: HTTPS over SSL for the product HP-UX

Hi Thanks for the information I need some more information

openssl s_client -cert YourCertificateFile.pem -connect host:port
when i used the above command is has been worked.

Now I am trying to download a file from the remote server.

as u said i used the command

curl --cert YourCertificateFile.pem https://host:port/path/filename

but it showing an error

"Unknown SSL protocol error in connection to host:port"

could you explain me how to resolved this problem.

Thanks
0 Kudos
Reply
PK_1975
Frequent Advisor

тАО05-20-2008 03:42 AM

тАО05-20-2008 03:42 AM

Re: HTTPS over SSL for the product HP-UX

one more error

when i used the command for the .pfx file

openssl s_client -cert YourCertificateFile.pem -connect host:port
it is return with code:19

CONNECTED(00000003)
depth=2 /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
verify error:num=19:self signed certificate in certificate chain
verify return:0
---

and also could u explain to resolved this problem
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.