Article delegate-en/1936 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Reply: Re: sslway and root cert
16 Oct 2002 07:32:50 GMT "Stephan Kraemer" <prmdqbdyi-aipdtq4sabfr.ml@ml.delegate.org>




Hi, thanks for the last mail. I have changed, for a test, to the beta 8_0_6 and I
have the following response:

10/16 08:14:54.40 [708] 1+0: MOUNT[2]X[0] /-* = default
10/16 08:14:54.40 [708] 1+0: MOUNT[3]X[1] /=* = default
10/16 08:14:54.45 [708] 1+0: MOUNT[4]X[2] /* https://wpdynamic.wpsbank.de/*
(WIN) 14:54 [708] fcntl(fh=428/fd=29/sock=460) -> CloseOnExecSocket()
(WIN) 14:54 [708] fcntl(fh=508/fd=30/sock=504) -> CloseOnExecSocket()
(WIN) 14:54 [708] fcntl(fh=428/fd=29/sock=460) -> CloseOnExecSocket()
10/16 08:14:54.54 [708] 1+0: [FSV] callFilter2: 27=1 28=1 sslway -cert wps.pem
-pass pass:sslwps
10/16 08:14:54.54 [708] 1+0: #### execFilter[FSV] sslway -cert wps.pem -pass
pass:sslwps
10/16 08:14:54.59 [708] 1+0: #### [sslway](5) sslway -cert wps.pem -pass
pass:sslwps
(WIN) 14:54 [708] spawn() = 508 [0], children(alive=1,total=1)
(WIN) 14:54 [708] wait(0) = ...
(WIN) 14:55 [708] wait3() = 508 [0], status=-1073741819,
children(alive=0,total=1)
(WIN) 14:55 [708] wait(0) = 508
10/16 08:14:55.85 [2180] 1+1: HTTP realy_response: EOF at start
10/16 08:14:55.90 [2180] 1+1: #HT11 EOF from the server
10/16 08:14:55.90 [2180] 1+1: #HT11 close svsokcs[26,27]
10/16 08:14:55.92 [2180] 1+1/1: HCKA:[1] closed -- ?
10/16 08:14:55.93 [2180] 1+1/1: disconnected [18]
-@[193.25.207.168]s409nt1pr01.intern.sparkasse-
n.de:16721 (7.250s)(2)
(WIN) 14:55 [2180] wait3() = 544 [708], status=0, children(alive=0,total=1)
10/16 08:14:55.98 [2180] 1+1/1: CFI process [544] done (1/1 AFT-0)
s409nt1pr01.intern.sparkasse-bonn.de - - [16/Oct/2002:08:14:55 +0100] "GET
https://wpdynamic.wpsb
.de/ HTTP/1.1" 500 0 0*0.000+0.000:P:0?
10/16 08:14:56.01 [2180] 1+1: StickyServer done
[nonStickyProtocol(http:https:https)] 1 req / 1 c


=> here there is no response from the IE

Why doesn't it load the cert ???
---------------------------------------------------------------------------------------------------------------------------------------------------------------------

and here is the response from the 7_9_6 =>

(WIN) 22:36 [2136] spawn() = 512, children(alive=1,total=1)
10/16 09:22:36.50 [2136] 1+1: HTTP => (wpdynamic.wpsbank.de:443) GET /
HTTP/1.1^M
10/16 09:22:36.53 [2292] 1+0: HOSTLIST resized [0 -> 16]
10/16 09:22:36.54 [2292] 1+0: REMITTABLE = http,https/{443,563},gopher,ftp,wais
10/16 09:22:36.54 [2292] 1+0: MOUNT[0]=[0] /-* =
10/16 09:22:36.54 [2292] 1+0: MOUNT[1]=[1] /=* =
10/16 09:22:36.54 [2292] 1+0: MOUNT[2]=[2] /* https://wpdynamic.wpsbank.de/*
10/16 09:22:36.54 [2292] 1+0: [FSV] callFilter2: 26=1 27=1 sslway -cert wps.pem
-pass pass:sslwps
10/16 09:22:36.54 [2292] 1+0: #### execFilter[FSV] sslway -cert wps.pem -pass
pass:sslwps
10/16 09:22:36.54 [2292] 1+0: #### [sslway](5) sslway -cert wps.pem -pass
pass:sslwps
(WIN) 22:36 [2292] spawn() = 536, children(alive=1,total=1)
(WIN) 22:36 [2292] wait(0) = ...
## SSLway[2220](localhost) server's cert. =
**subject<</C=DE/ST=NRW/L=Duesseldorf/O=WestLB Systems/O
U=Internet Engineering/OU=Terms of use at www.d-trust.de/rpa (c)
01/OU=Authenticated by D-TRUST GmbH
/OU=Member, VeriSign Trust Network/CN=wpdynamic.wpsbank.de>>
**issuer<</O=VeriSign Trust Network/OU=
VeriSign, Inc./OU=VeriSign International Server CA - Class
3/OU=www.verisign.com/CPS Incorp.by Ref.
LIABILITY LTD.(c)97 VeriSign>>
(WIN) 22:38 [2292] wait3() = 536, status=0, children(alive=0,total=1)
(WIN) 22:38 [2292] wait(0) = 536
10/16 09:22:38.28 [2136] 1+1: E-P: No permission:
s409nt1pr01.intern.sparkasse-bonn.de:16862 => http
s://wpdynamic.wpsbank.de
10/16 09:22:38.28 [2136] 1+1: bind_insock(28,193.25.207.168,0) = 0, errno=0
10/16 09:22:38.29 [2136] 1+1: connectTO: assume in non-blocking mode
10/16 09:22:39.29 [2136] 1+1: ## connect[28] TIMEOUT(1000)
10/16 09:22:39.29 [2136] 1+1: ### IDENT
CONNECT(s409nt1pr01.intern.sparkasse-bonn.de:113) TIMEOUT(10
00ms) (10060)
10/16 09:22:39.32 [2136] 1+1: ####LS cannot open
e:\wps/act/delay/03/193.25.207.168:s409nt1pr01.inte
rn.sparkasse-bonn.de
10/16 09:22:39.32 [2136] 1+1: doDelay: clear old errors:
count=2,age=60271,delay=60
10/16 09:22:39.39 [2136] 1+1: HTTP error request: GET / HTTP/1.1^M
10/16 09:22:39.39 [2136] 1+1: HTTP error status: 403 Access Forbidden
10/16 09:22:39.39 [2136] 1+1: #HT11 NO-response-buffering: chunked mode
10/16 09:22:39.39 [2136] 1+1: HTTP error header: Server: Microsoft-IIS/5.0^M
10/16 09:22:39.39 [2136] 1+1: HTTP error header: Date: Wed, 16 Oct 2002 07:28:52
GMT^M
10/16 09:22:39.39 [2136] 1+1: HTTP error header: Connection: close^M
10/16 09:22:39.39 [2136] 1+1: #HT11 chunked, should skip: Content-Length: 4373^M
10/16 09:22:39.39 [2136] 1+1: HTTP error header: Content-Length: 4373^M
10/16 09:22:39.39 [2136] 1+1: HTTP error header: Content-Type: text/html^M
10/16 09:22:39.39 [2136] 1+1: #HT11 SERVER ver[HTTP/1.1] conn[close]
10/16 09:22:39.39 [2136] 1+1: #HT11 --putChunk-Header: Transfer-Encoding:
chunked^M
10/16 09:22:39.39 [2136] 1+1: HTTP error header: ^M
10/16 09:22:39.39 [2136] 1+1: HTTP/1.1 403 Content-{Type:text/html Encoding:[/]
Leng:4373} Server:Mi
crosoft-IIS/5.0


and the response from the IE is =>

The page requires a valid client certificate
To display the page you requested, a valid client certificate is
required. The client certificate is not trusted or is invalid. The
client certificate is used to identify you as a recognized user of the
resource.

--------------------------------------------------------------------------------

Try the following:

Click the Refresh button to try again after you have changed the client
certificate.
Contact the web server's administrator to obtain a valid client
certificate.
If you believe that you should be able to view the directory or the page,
contact the website administrator via the e-mail address or phone number
listed on the 193.25.207.168:8083 home page.
HTTP 403.16 - Forbidden: Client certificate not trusted or invalid
Internet Information Services

--------------------------------------------------------------------------------

That means that the certificate isn't valid ....

Where is my mistake ?? What can I do...

Thanks for an answer

Cheers Stephan


From:     feedback@delegate.org (Yutaka Sato)
Date:     15.10.02 12:34
Please reply to feedback

To:       feedback@delegate.org
Cc:       Stephan Kraemer@PROSERVICE
Subject:  Re: sslway and root cert





On 10/14/02(21:32) you "Stephan Kraemer" <Stephan.Kraemer@proservice.de> wrote
in <_A1931@delegate-en.ML_>
 |is it possible that the sslway  manage a private certificate like this
 |configuration , see below
...
 |fine at other  destinations .. but it doesn't work here the answer is  " NO
 |PERMISSION" i think that the problem is  the proxy must use 3 certificates for
 |the connection.. and i don't know to tell him .. how to use it ..
...
 |10/14 14:12:18.81 [2272] 1+1: (0) accepted [17]
-@[193.25.207.168]s409nt1pr01.intern.sparkasse-bonn.de:11416 (0.062s)(3)
 |10/14 14:12:18.81 [2272] 1+1: PATH>
 |https://wpdyn.wps.de:443!
 |s409nt1pr01.intern.spb.de:8083!
 |s409nt1pr01.intern.spb.de:11416!anonymous@s409nt1pr01.intern.spb.de;1034597538
...
 |10/14 14:12:22.82 [2272] 1+1: E-P: No permission:
s409nt1pr01.intern.spb.de:11416 => https://wpdyn.wps.de

The message "No permission" has nothing to do with the SSL certificate.
It is just the result of some (default) access restriction of DeleGate.
See <URL:http://www.delegate.org/delegate/Manual.htm#acl>
DeleGate/8.0 (distributed as in alpha status) shows the parameter which
should be specified to solve the rejection.

Cheers,
Yutaka
--
  @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
 ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller



_____________________________________________________________________
PROSERVICE - Gesellschaft für IT und Dienstleistungen mbH
Systeme
Friedensplatz 1-3
53101 Bonn (Germany)

Tel: 0228 / 606 - 52302, Fax: 0228 / 606 - 752302
mailto:Stephan.Kraemer@ProService..de, http://www.ProService.de
Amtsgericht Siegburg - HR B 5959
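
The two log excerpts in this message contain three different failures that are easy to conflate: the sslway child process dying, DeleGate's own "No permission" rejection, and an HTTP error status returned by the server. The Python script below is an added example, not part of the original message or of DeleGate, that classifies such lines; the rule names and the `triage` function are assumptions of the example, and the non-zero `status=` value is read as a Windows NTSTATUS code.

```python
import re

# Windows NTSTATUS values that can show up as a child's exit status.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

# Hypothetical rule names; the patterns match log lines quoted in the message.
RULES = [
    ("filter-exit", re.compile(r"wait3\(\) = \d+(?: \[\d+\])?, status=(-?\d+)")),
    ("acl-reject", re.compile(r"E-P: No permission: (\S+) => (\S+)")),
    ("http-error", re.compile(r"HTTP error status: (\d{3}) (.+)")),
    ("secret-in-log", re.compile(r"-pass pass:\S+")),
]

def describe(kind, m):
    if kind == "filter-exit":
        status = int(m.group(1))
        if status == 0:
            return None                      # child exited cleanly
        code = status & 0xFFFFFFFF           # signed 32-bit -> NTSTATUS
        return "child died with " + NTSTATUS.get(code, hex(code))
    if kind == "acl-reject":
        return "DeleGate access control refused %s => %s" % m.groups()
    if kind == "http-error":
        return "HTTP %s %s" % (m.group(1), m.group(2).strip())
    return "key passphrase passed on the filter command line"

def triage(lines):
    """Return unique (kind, detail) findings in order of first appearance."""
    findings = []
    for line in lines:
        for kind, rx in RULES:
            m = rx.search(line)
            detail = describe(kind, m) if m else None
            if detail and (kind, detail) not in findings:
                findings.append((kind, detail))
    return findings

# Constructed samples: lines from the two excerpts, with mail wrapping undone.
RUN_8_0_6 = [
    "10/16 08:14:54.54 [708] 1+0: #### execFilter[FSV] sslway -cert wps.pem -pass pass:sslwps",
    "(WIN) 14:55 [708] wait3() = 508 [0], status=-1073741819, children(alive=0,total=1)",
    "10/16 08:14:55.85 [2180] 1+1: HTTP realy_response: EOF at start",
]
RUN_7_9_6 = [
    "(WIN) 22:38 [2292] wait3() = 536, status=0, children(alive=0,total=1)",
    "10/16 09:22:38.28 [2136] 1+1: E-P: No permission: s409nt1pr01.intern.sparkasse-bonn.de:16862 => https://wpdynamic.wpsbank.de",
    "10/16 09:22:39.39 [2136] 1+1: HTTP error status: 403 Access Forbidden",
]

if __name__ == "__main__":
    for name, run in (("8_0_6", RUN_8_0_6), ("7_9_6", RUN_7_9_6)):
        for kind, detail in triage(run):
            print(name, kind, detail)
```

On these samples the 8_0_6 run yields a crashed filter child and nothing from the server, while the 7_9_6 run yields a clean filter exit followed by the access-control rejection and the HTTP 403.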
