04-16-2012
does the AIX server have access to the VeriSign (or other certificate provider) site? This is a requirement to verify the certificate chain.
Domenic
9 More Discussions You Might Find Interesting
1. AIX
I'm currently investigating the secure ftp connection from AIX using shell script - It looks openssl is already install and don't know command to be used to connect the secure ftp server.
1. Do I need to install certificate on AIX ?.
2. If any one already design the script to connect secure... (0 Replies)
Discussion started by: dharanir
0 Replies
2. AIX
Hi,
a friend of mine passed there 223 last year and they gave me there testkiller document which was 65 questions, i am looking at doing my 223 exam and i have gone to testkiller recently and noticed there is an updated version which is now 383 questions.
I did the ibm pre-exam and all the... (1 Reply)
Discussion started by: rorted
1 Replies
3. UNIX for Dummies Questions & Answers
I wrote a very simple script to calculate the DB connection from an appserver and check the total netstat connection to a particular DB exceed 25 then it will send mail
netstat -a 2> /dev/null | awk '/.*ESTAB/{print $5}' | cut -d. -f1 | uniq -c | awk '{if ($1 > 25)print $2," exceed ",$1;}'
... (1 Reply)
Discussion started by: senthil.ak
1 Replies
4. AIX
I have created a .bff package for an app to tbe installed on AIX servers across regions. I am pretty new to the AIX mode of packaging using mkinstallp but I have been able to get the same done. I installed the same on the server in which i created the package and the application was deployed... (9 Replies)
Discussion started by: jobbyjoseph
9 Replies
5. Shell Programming and Scripting
Hi
I'm trying to create a connection with DB from shell script using the following string
sqlplus <user>@<db_instance>/<password>
in which I'm successful.
However, after connecting to DB it is giving me a sql prompt as follows
=====================
Connected to:
Oracle Database 10g... (2 Replies)
Discussion started by: sainisumit1
2 Replies
6. Emergency UNIX and Linux Support
Hi,
I'm trying to get a self-signed cert created on AIX 6.1, and it's not cooperating. I run the following command: gsk7cmd -cert -create -db /bin/A_CACertsOnly.kdb -pw blahblah -label testing -dn cn=machinename -expire 1000 -ca true...and get this response:
The function is not supported for... (3 Replies)
Discussion started by: tekster2
3 Replies
7. UNIX for Dummies Questions & Answers
Hi,
I'm trying to access to FTP SERVER over SSL with this script unix :
(credentials are correct)
#!/usr/bin/ksh
USER="test"
PASSWORD="pwdtest"
IP="**.***.*.***"
ftp -s $IP 990 << EOF >>log_ftp
user $USER $PASSWORD
bin
passive
EOF
but seems that credentials are not passed... (2 Replies)
Discussion started by: nash83
2 Replies
8. Shell Programming and Scripting
I have a requirement for which I had to connect to a server using FTPS. I have been provided with these,
connection method: FTPS
Server Name
Port for explicit and implicit
Login user
I would like to know the FTPS command/script in order to connect to there server and get a file.
... (5 Replies)
Discussion started by: r@v!7*7@
5 Replies
9. UNIX for Advanced & Expert Users
Hi,
I am working on an application which runs on an Informatica Red-Hat 5.10 Linux Server.
The application involves several Informatica ETL workflows which generate 100s of Text files with lot of data. Many of the files will each be up to 5 GB in size.
Currently the Informatica server itself... (7 Replies)
Discussion started by: waavman
7 Replies
LEARN ABOUT REDHAT
ne_ssl_set_verify
NE_SSL_SET_VERIFY(3) neon API reference NE_SSL_SET_VERIFY(3)
NAME
ne_ssl_set_verify - register an SSL certificate verification callback
SYNOPSIS
#include <ne_session.h>
typedef int (*ne_ssl_verify_fn) (void *userdata, int failures, const ne_ssl_certificate *cert);
void ne_ssl_set_verify (ne_session *session, ne_ssl_verify_fn verify_fn, void *userdata);
DESCRIPTION
To enable manual SSL certificate verification, a callback can be registered using ne_ssl_set_verify. If such a callback is not registered,
when a connection is established to an SSL server which does not present a certificate signed by a trusted CA (see ne_ssl_load_ca(3)), or
if the certificate presented is invalid in some way, the connection will fail.
When the callback is invoked, the failures parameter gives a bitmask indicating in what way the automatic certificate verification failed.
The value is equal to the bit-wise OR of one or more of the following constants (and is guaranteed to be non-zero):
NE_SSL_NOTYETVALID
The certificate is not yet valid.
NE_SSL_EXPIRED
The certificate has expired.
NE_SSL_CNMISMATCH
The hostname used for the session does not match the hostname to which the certificate was issued: this could mean that the connec-
tion has been intercepted.
NE_SSL_UNKNOWNCA
The Certificate Authority which signed the certificate is not trusted.
The cert parameter passed to the callback describes the certificate which was presented by the server, see ne_ssl_certificate(3) for more
details. The certificate object given is only valid until the callback returns.
RETURN VALUE
The verification callback must return zero to indicate that the certificate should be trusted; and non-zero otherwise (in which case, the
connection will fail).
EXAMPLES
Manual certificate verification:
static int
my_verify(void *userdata, int failures, const ne_ssl_certificate *cert)
{
/* leak the return values of ne_ssl_readable_dname for simplicity! */
printf("Issuer: %s
", ne_ssl_readable_dname(cert->issuer);
printf("Subject: %s
", ne_ssl_readable_dname(cert->subject);
if (failures & NE_SSL_CNMISMATCH) {
printf("Server certificate was issued to `%s'; "
"connection may have been intercepted!
",
cert->subject->commonName);
}
if (failures & NE_SSL_EXPIRED) {
printf("Server certificate expired on %s!", cert->until);
}
/* ... check for other failures ... */
if (prompt_user())
return 1; /* fail verification */
else
return 0; /* trust certificate */
}
int
main(...)
{
ne_session *sess = ne_session_create("https", "some.host.name", 443);
ne_ssl_set_verify(sess, my_verify, NULL);
...
}
SEE ALSO
ne_ssl_certificate(3), ne_ssl_load_ca(3), ne_ssl_dname(3), ne_ssl_readable_dname(3)
AUTHOR
Joe Orton <neon@webdav.org>.
neon 0.23.5 8 October 2002 NE_SSL_SET_VERIFY(3)