1 year ago
#68902
Bram van de Kooi
Transfer data to a secured database by POST message and authentication using a server certificate
We want to establish a secured connection with our governmental institute that collects laboratory analyses that are performed for the legal determination of the nutrient content.
For this connection they have two endpoints:
- Acceptance environment: https://acceptatie.webservices.dictu.nl/labws/LabAnalyse 145.12.137.54
- Production environment: https://webservices.dictu.nl/labws/LabAnalyse
They use the WS-Security 1.1 standard from OASIS, Username Token Profile 1.1.
I should use a:
- TLS 1.2 connection
- Send an XML/SOAP message with a header containing username and password.
https://mijn.rvo.nl/documents/20448/1376512/Berichtenboek+LAI+Services.pdf/ae4050ad-a083-4a68-8443-f8e969cdcf8b?t=1574153232177 (Document with information on this, if any translation is required please let me know).
We have ordered the required certificate PKIoverheid Public servercertificate.
Of this I have received a .pem and a .key file. I added the .pem to Certmgr.exe in Windows 10, along with the required CA files: KPN PKIoverheid server CA 2020; Staat der Nederlanden Server CA 2020 and Staat der Nederlanden EV Root CA.
At the side of the government they have installed the public key which was in the .pem certificate; they removed the IP-restriction.
Now we are trying to connect to their server and post a SOAP message, but so far we have not been able to get this working.
First we tried SOAPUI, but then we ran into the error:
ERROR:java.net.UnknownHostException: acceptatie.webservices.dictu.nl
Then we tried to send the message using curl, but somehow I do not manage to get it working.
$ curl -k –-cert mestanalyse.wur.nl_20210923.pem –-key mestanalyse.wur.nl.key -cacert 20220113_mestanalyse.wur.nl_onlyroots.cer -H "Content-Type: text/xml" -d @message-to-rvo.xml https://acceptatie.webservices.dictu.nl/labws/LabAnalyse --trace-ascii logging
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve host: xn---cert-xu3b
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve host: mestanalyse.wur.nl_20210923.pem
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve host: xn---key-z86a
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve host: mestanalyse.wur.nl.key
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve host: 20220113_mestanalyse.wur.nl_onlyroots.cer
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
According to the governmental institute we try to connect with a certificate with the wrong common name (CN), namely the CN which is mentioned in my personal client authentication certificate. I guess this indicates that the wrong certificate is sent, but somehow I have not been able to solve this. Furthermore, I can't figure out what causes the "could not resolve host" error.
If you do have any idea what could solve this or help me any further, please let me know.
Kind regards, Bram
Edit: when I add -v, I do have to remove --trace-ascii as this overrides the -v command. The result:
kool035@L0154532 MINGW64 ~
$ curl -v -k –-cert mestanalyse.wur.nl_20210923.pem –-key mestanalyse.wur.nl.key -cacert 20220113_mestanalyse.wur.nl_onlyroots.cer -H "Content-Type: text/xml" -d @message-to-rvo.xml https://acceptatie.webservices.dictu.nl/labws/LabAnalyse
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Could not resolve host: xn---cert-xu3b
* Closing connection 0
curl: (6) Could not resolve host: xn---cert-xu3b
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Could not resolve host: mestanalyse.wur.nl_20210923.pem
* Closing connection 1
curl: (6) Could not resolve host: mestanalyse.wur.nl_20210923.pem
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Could not resolve host: xn---key-z86a
* Closing connection 2
curl: (6) Could not resolve host: xn---key-z86a
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Could not resolve host: mestanalyse.wur.nl.key
* Closing connection 3
curl: (6) Could not resolve host: mestanalyse.wur.nl.key
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Could not resolve host: 20220113_mestanalyse.wur.nl_onlyroots.cer
* Closing connection 4
curl: (6) Could not resolve host: 20220113_mestanalyse.wur.nl_onlyroots.cer
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 145.12.137.54:443...
* Connected to acceptatie.webservices.dictu.nl (145.12.137.54) port 443 (#5)
* ALPN, offering h2
* ALPN, offering http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [59 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [5589 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [621 bytes data]
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
{ [36 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
} [7 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [102 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS alert, handshake failure (552):
{ [2 bytes data]
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 5
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Forced the handshake to be in TLS1.2:
kool035@L0154532 MINGW64 ~
$ curl --tlsv1.2 --tls-max 1.2 -v -k –-cert mestanalyse.wur.nl_20210923.pem –-key mestanalyse.wur.nl.key -cacert 20220113_mestanalyse.wur.nl_onlyroots.cer -H "Content-Type: text/xml" -d @message-to-rvo.xml https://acceptatie.webservices.dictu.nl/labws/LabAnalyse
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Could not resolve host: xn---cert-xu3b
* Closing connection 0
curl: (6) Could not resolve host: xn---cert-xu3b
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Could not resolve host: mestanalyse.wur.nl_20210923.pem
* Closing connection 1
curl: (6) Could not resolve host: mestanalyse.wur.nl_20210923.pem
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Could not resolve host: xn---key-z86a
* Closing connection 2
curl: (6) Could not resolve host: xn---key-z86a
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Could not resolve host: mestanalyse.wur.nl.key
* Closing connection 3
curl: (6) Could not resolve host: mestanalyse.wur.nl.key
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Could not resolve host: 20220113_mestanalyse.wur.nl_onlyroots.cer
* Closing connection 4
curl: (6) Could not resolve host: 20220113_mestanalyse.wur.nl_onlyroots.cer
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 145.12.137.54:443...
* Connected to acceptatie.webservices.dictu.nl (145.12.137.54) port 443 (#5)
* ALPN, offering h2
* ALPN, offering http/1.1
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [247 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [59 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [5589 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [621 bytes data]
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
{ [36 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
} [7 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [102 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS alert, handshake failure (552):
{ [2 bytes data]
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 5
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
It seems like a different personal certificate is being sent, while mestanalyse.wur.nl should be used.
curl
post
soapui
tls1.2
client-certificates
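The `xn--` hostnames in the "Could not resolve host" lines above are punycode. As an added example (not part of the original post), this Python check decodes them back to the text curl was given and flags the arguments in the posted command that curl cannot read as options. The names `LONG_OPTS`, `decode_idn_label` and `lint_command` are chosen here for illustration.

```python
import shlex
import unicodedata

# Long option names that appear in the posted command (assumption: extend as needed).
LONG_OPTS = {"cert", "key", "cacert"}

def decode_idn_label(host):
    """Turn an xn-- label from a curl error back into the text curl was given."""
    if host.startswith("xn--"):
        return host[4:].encode("ascii").decode("punycode")
    return host

def lint_command(cmdline):
    """Return (token, problem) pairs for arguments curl will not parse as intended."""
    findings = []
    for tok in shlex.split(cmdline):
        if not tok:
            continue
        first = tok[0]
        # Unicode dash look-alikes (category Pd) are not option prefixes,
        # so the token falls through to curl's URL handling.
        if first != "-" and unicodedata.category(first) == "Pd":
            findings.append((tok, "starts with U+%04X %s, not ASCII '-'; treated as a URL"
                             % (ord(first), unicodedata.name(first))))
        # One ASCII dash before a long name is parsed as short options.
        elif tok.startswith("-") and not tok.startswith("--") and tok[1:] in LONG_OPTS:
            findings.append((tok, "single dash before a long option name; parsed as short "
                             "options starting with -%s, not --%s" % (tok[1], tok[1:])))
    return findings

# Constructed input: the command line and two hostnames copied from the post.
CMD = ('curl -k \u2013-cert mestanalyse.wur.nl_20210923.pem '
       '\u2013-key mestanalyse.wur.nl.key '
       '-cacert 20220113_mestanalyse.wur.nl_onlyroots.cer '
       '-H "Content-Type: text/xml" -d @message-to-rvo.xml '
       'https://acceptatie.webservices.dictu.nl/labws/LabAnalyse')

if __name__ == "__main__":
    for host in ("xn---cert-xu3b", "xn---key-z86a"):
        print("%s -> %r" % (host, decode_idn_label(host)))
    for tok, problem in lint_command(CMD):
        print("%r: %s" % (tok, problem))
```

Each flagged token is followed in the command by a file name, which is why those file names also show up as unresolved hosts, and why the client Certificate message in the verbose trace is only 7 bytes long.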
0 Answers