Open-source Languages & Tools for z/OS

 View Only
  • 1.  curl: Access to a remote system using a personal certificate

    Posted 03-30-2023 08:39

    From my WorkStation (Mac in this case) I execute by curl an api authenticating me through a personal certificate:

    jmfernandezp@Josemas-MacBook-Pro ~ % curl -X GET -k -H 'CICS-Environment: A6' -i 'https://zosa.tor.es.ibm.com:7050/issdbdc/progprba/Hola' --cert ~/Customizacion\ Productos/Certificados/personal_p083598.pem:Josema
    HTTP/1.1 200 OK
    X-Powered-By: Servlet/3.1
    Content-Type: application/json; charset=UTF-8
    Content-Language: en-US
    Content-Length: 146
    Set-Cookie: LtpaToken2=orhzg9vapG1Pc+FCqUDptJERA9U2SNWGPUvdAVrShFHFiKZP6sE8DBi9jFh88MV4VcbyNUGr6o8nxNScDZFZX9RQfOuARKMyCmaGrHFSkScTWkkCxyV3WRngiKPA/4OYRRTt+eArYFyouzMsmOetUdt/QuXbh7moFJol1OcrNFJtu9cbQqKg0uL/fjM2kJ8CgaoBZUL/WJw9b804oZfe//Nvon0bhI4C8lYt77F9F8m7ZEOHbtgYQ9SsnZ6AdprMxv78OrwjaJntZedkAWEotEk0kNjzvLLDzMrdgOHnmVtAEN4yfZHxe+hwIq6MjJDH; Path=/; HttpOnly
    Set-Cookie: JSESSIONID=0000WLMVWLLT710Qmo9JJwgmF67:dd4c67f3-f2dd-48b7-b879-31de8f82960a; Path=/; Secure; HttpOnly
    Date: Thu, 30 Mar 2023 11:35:24 GMT
    Expires: Thu, 01 Dec 1994 16:00:00 GMT
    Cache-Control: no-cache="set-cookie, set-cookie2"

    {"PROGPRBAOperationResponse":{"mensaje":{"eib_term":"\/ADJ","eib_tran":"CPMI","userid":"P083598","applid":"CRAZA6T1","sysid":"A6T1","comare":""}}}%                

    jmfernandezp@Josemas-MacBook-Pro ~ % 

    I have transmitted the file with the certificate to the z/OS (both ASCII and EBCDIC) but the result when I run the same curl as on the Mac is an error:

    P083598:/u/P083598:>curl -X GET -k -i 'https://zosa.tor.es.ibm.com:7050/issdbdc/progprba/Hola' --cert p083598.pem.ebc:Josema                                    
    curl: (58) could not load PEM client certificate, OpenSSL error error:02001081:system library:fopen:reason(129), (no key found, wrong pass phrase, or wrong file format?)                                                                       
    P083598:/u/P083598:>curl -X GET -k -i 'https://zosa.tor.es.ibm.com:7050/issdbdc/progprba/Hola' --cert p083598.pem.asc:Josema                                    
    curl: (58) could not load PEM client certificate, OpenSSL error error:02001081:system library:fopen:reason(129), (no key found, wrong pass phrase, or wrong file format?)                                                                       
    P083598:/u/P083598:>                                                            

    My versions of curl are:

    jmfernandezp@Josemas-MacBook-Pro ~ % curl --version
    curl 7.87.0 (x86_64-apple-darwin22.0) libcurl/7.87.0 (SecureTransport) LibreSSL/3.3.6 zlib/1.2.11 nghttp2/1.51.0
    Release-Date: 2022-12-21
    Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
    Features: alt-svc AsynchDNS GSS-API HSTS HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL threadsafe UnixSockets

    P083598:/u/P083598:>curl --version                                              
    curl 7.77.0 (i370-ibm-openedition) libcurl/7.77.0 OpenSSL/1.1.1k zlib/1.2.11 libssh2/1.9.0_DEV nghttp2/1.33.0                                                   
    Release-Date: 2021-05-26                                                        
    Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp                                
    Features: alt-svc GSS-API HSTS HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets                                       

    Any idea?



    ------------------------------
    Josema Fernández Palacios
    Rocket Forum Shared Account
    ------------------------------


  • 2.  RE: curl: Access to a remote system using a personal certificate

    ROCKETEER
    Posted 03-31-2023 06:28
    Edited by Alexander Klochkov 03-31-2023 06:28

    Hi Josema,

    Are your certificate files readable (cat p083598.pem* is ok) and tagged correctly (ls -T p083598.pem*)?

    Thanks,

    Alexander



    ------------------------------
    Alexander Klochkov
    QA
    Rocket Internal - All Brands
    Vilnius LT
    ------------------------------



  • 3.  RE: curl: Access to a remote system using a personal certificate

    Posted 04-04-2023 08:46
    Edited by Josema Fernández Palacios 04-04-2023 08:48

    Thanks alexander. I solved the problem using iconv to convert EBCDIC to ASCII certificate