Layer7 API Management

  • 1.  unable to verify the cert on ssg servers

    Posted Nov 15, 2018 01:53 PM

    Hi There,

    When I do a wget on the gateway server it says connect, but I am getting the below error. Please advise.

     



  • 2.  Re: unable to verify the cert on ssg servers

    Broadcom Employee
    Posted Nov 15, 2018 02:19 PM

    Hi,

     

    Can you provide some further details ...

     

    What is the exact wget command you are executing?

    Can you provide the full output received?

    Are you executing the wget command directly on the gateway or from another server?

    The connection reset by peer seems to indicate the connection is getting dropped, is there any firewall in play?

    Thanks,

    Daren



  • 3.  Re: unable to verify the cert on ssg servers

    Posted Nov 15, 2018 02:31 PM

     Running the following directly on gateway

    wget --no-check-certificate https://vwhdpdtest.dmn.com:636

     



  • 4.  Re: unable to verify the cert on ssg servers

    Posted Nov 15, 2018 04:05 PM

    From the port number, I presume this is connecting to an LDAP server, correct? As wget is a third-party product, I am not intimately familiar with all the errors it can produce. However, from a quick Google search, there was discussion that certain versions of wget do not support or know how to read a certificate with SNI. Can you confirm if the certificate presented by your LDAP server is utilizing SNI?

     

    Ref: centos - Unable to locally verify the issuer's authority - Unix & Linux Stack Exchange 



  • 5.  Re: unable to verify the cert on ssg servers
    Best Answer

    Broadcom Employee
    Posted Nov 15, 2018 07:50 PM

    I would recommend using the command: openssl s_client -connect <hostname>:<port>, as wget is only for HTTP endpoints and, as Dustin mentioned, port 636 is for LDAPS.

     

    Sincerely,

     

    Stephen Hughes

    Broadcom Support
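
The check recommended in the accepted answer, as an added example that is not part of the original thread: a shell wrapper around openssl s_client that probes a TLS port such as LDAPS 636 and interprets the verify return code. The host name ldap.example.test, the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: diagnose certificate verification on a non-HTTP TLS port
# (e.g. LDAPS 636) with openssl s_client instead of wget.

# tls_probe HOST PORT [CAFILE]: run one handshake and print s_client's report.
tls_probe() {
    host=$1; port=$2; cafile=${3:-}
    set -- -connect "$host:$port" -servername "$host" -showcerts
    if [ -n "$cafile" ]; then set -- "$@" -CAfile "$cafile"; fi
    # stdin from /dev/null makes s_client exit once the handshake is done
    openssl s_client "$@" </dev/null 2>&1
}

# verify_code: read s_client output on stdin, print the first numeric
# "Verify return code" (prints nothing if no handshake completed).
verify_code() {
    sed -n 's/^[[:space:]]*Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# explain_code CODE: map common X.509 verify codes to a next step.
explain_code() {
    case $1 in
        0)  echo "chain verified against the trust store" ;;
        10) echo "certificate has expired" ;;
        18) echo "self-signed server certificate: trust it explicitly" ;;
        19) echo "self-signed root in chain: root CA is not trusted" ;;
        20) echo "issuer not found locally: add the issuing CA" ;;
        21) echo "leaf's issuer unavailable: chain is incomplete" ;;
        "") echo "no TLS handshake: reset, firewall or non-TLS port" ;;
        *)  echo "verify code $1: see the openssl verify documentation" ;;
    esac
}

# Constructed sample of s_client output (not captured from a real server).
SAMPLE_OUTPUT='CONNECTED(00000003)
depth=0 CN = ldap.example.test
verify error:num=20:unable to get local issuer certificate
---
    Verify return code: 20 (unable to get local issuer certificate)
---'

# Usage: sh probe.sh HOST PORT [CAFILE]; with no arguments, use the sample.
if [ "$#" -ge 2 ]; then
    out=$(tls_probe "$@") || true
else
    out=$SAMPLE_OUTPUT
fi
code=$(printf '%s\n' "$out" | verify_code)
echo "verify return code: ${code:-none} -> $(explain_code "$code")"
```

Passing the CA bundle the client is expected to trust as the third argument shows whether a non-zero code is a trust-store gap or a problem with the chain the server sends.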