Remedy - AR System Mid Tier - How to check if a server SSL certificate is trusted by a Linux command line tool

Manage Support IDs

Use checkboxes to 'Remove support IDs/Users' or 'Allow to create Cases'
Support IDs for BMC Customer Support Site Guest User
Profiles Which Include    Back to All Support IDs
 

Knowledge Article

Remedy - AR System Mid Tier - How to check if a server SSL certificate is trusted by a Linux command line tool
Remedy - AR System Mid Tier - How to check if a server SSL certificate is trusted by a Linux command line tool
Remedy AR System Server
AR System Mid Tier
any web application that is accessible from a linux command line
Remedy AR System Server
AR System Mid Tier
any web application that is accessible from a linux command line
In a linux system how do I check if the certificate from a webserver is valid?
This knowledge article may contain information that does not apply to version 21.05 or later which runs in a container environment. Please refer to Article Number 000385088 for more information about troubleshooting BMC products in containers.

There are several tools to test this.
If native Linux tools are preferred use
curl 
or 
wget

if a 3rd party tool such as HttpTestClient can be installed use this one instead for remedy related issued
https://communities.bmc.com/docs/DOC-129733

For SUSE you can check the following link:
https://www.suse.com/es-es/support/kb/doc/?id=000019003

CURL

curl -v https://localhost:8443

-v flag is recommended
This is the output if the server certificate is not trusted
  
* STATE: INIT => CONNECT handle 0x800083148; line 1491 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => WAITRESOLVE handle 0x800083148; line 1532 (connection #0)
*   Trying ::1:8443...
* TCP_NODELAY set
* STATE: WAITRESOLVE => WAITCONNECT handle 0x800083148; line 1611 (connection #0)
* Connected to localhost (::1) port 8443 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x800083148; line 1667 (connection #0)
* Marked for [keep alive]: HTTP default
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x800083148; line 1682 (connection #0)
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate in certificate chain
* Marked for [closure]: Failed HTTPS connection
* multi_done
* Closing connection 0
* The cache now contains 0 members
* Expire cleared (transfer 0x800083148)
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
In contrast when certificate is trusted 
* STATE: INIT => CONNECT handle 0x800083148; line 1491 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => WAITRESOLVE handle 0x800083148; line 1532 (connection #0)
*   Trying 74.201.172.176:443...
* TCP_NODELAY set
* STATE: WAITRESOLVE => WAITCONNECT handle 0x800083148; line 1611 (connection #0)
* Connected to communities.bmc.com (74.201.172.176) port 443 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x800083148; line 1667 (connection #0)
* Marked for [keep alive]: HTTP default
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x800083148; line 1682 (connection #0)
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=Texas; L=Houston; O=BMC Software, Inc.; OU=Sales Operations - Worldwide Field Infrastructure; CN=communities.bmc.com
*  start date: Jan 14 00:00:00 2020 GMT
*  expire date: Feb 19 12:00:00 2021 GMT
*  subjectAltName: host "communities.bmc.com" matched cert's "communities.bmc.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.


wget

wget  https://localhost:8443
When the certificate is not trusted 
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:8443... connected.
GnuTLS: A TLS fatal alert has been received.
GnuTLS: received alert [42]: Certificate is bad
Unable to establish SSL connection.

When the certificate is trusted 
--2020-08-10 16:06:26--  https://communities.bmc.com/
Resolving communities.bmc.com (communities.bmc.com)... 63.251.238.138
Connecting to communities.bmc.com (communities.bmc.com)|63.251.238.138|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://communities.bmc.com/welcome [following]
--2020-08-10 16:06:26--  https://communities.bmc.com/welcome
Reusing existing connection to communities.bmc.com:443.
HTTP request sent, awaiting response... 200 OK
Having established an SSL connection the HTTP request is sent and a response would be obtained



 
Remedy AR System Server
AR System Mid Tier
any web application that is accessible from a linux command line
Attachment(s):