I'm having a terrible time getting SSL to verify a certificate. I'm completely ignorant on how certificates work so that's a major handicap to begin with. Here's the error I get when running the script:
c:/Ruby191/lib/ruby/1.9.1/net/http.rb:611:in `connect': SSL_connect returned=1 e
rrno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL
::SSL::SSLError)
Here's the relevant code:
client = Savon::Client.new order_svc
request = client.create_empty_cart { |soap, http|
http.auth.ssl.cert_file = 'mycert.crt'
http.auth.ssl.verify_mode = :none
http.read_timeout = 90
http.open_timeout = 90
http.headers = { "Content-Length" => "0", "Connection" => "Keep-Alive" }
soap.namespaces["xmlns:open"] = "http://schemas.datacontract.org/2004/07/Namespace"
soap.body = {
"wsdl:brand" => brand,
"wsdl:parnter" => [
{"open:catalogName" => catalogName, "open:partnerId" => partnerId }
] }.to_soap_xml
}
Any help is appreciated.
check your cert.pem and your key.pem
the cert key should have one
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIKG1DIagAAAAAAAzANBgkqhkiG9w0BAQsFADCBvDEkMCIG
....
-----END CERTIFICATE-----
your key.pem should have
-----BEGIN PRIVATE KEY-----
CSqGSIb3DQEJARYVY2Fjb250YWN0QGVzY3JlZW4uY29tMQswCQYDVQQGEwJVUzEP
....
-----END PRIVATE KEY-----
and it may have some certs in it but that doesn't matter for this case. (Although it does for me as curl doesn't work without the extra certs) The webservice I am talking to has a good root CA, but the client auth keys are not trusted so this is probably why the extra certs make curl work.
getting those out of your client certificate was what caused me the problems.
here is what worked for me.
openssl pkcs12 -in Client.pfx -clcerts -nokeys -out cert.pem
openssl pkcs12 -in Client.pfx -nodes -out key.pem
each will prompt you for the Import password and you can set a pem password if you want. (you would have to set that in the ruby code later)
require 'savon'
client = Savon::Client.new "https://service/Service.asmx?wsdl"
client.http.auth.ssl.cert_key_file = "key.pem"
client.http.auth.ssl.cert_file = "cert.pem"
client.http.auth.ssl.verify_mode=:peer
p client.wsdl.soap_actions
you can also test with curl
curl -v -E key.pem https://services/Service.asmx?wsdl