Good afternoon,
As my user (not root), I do the following.
I try to get the certificates:
/opt/cprocsp/bin/amd64/csptest -tlsc -server ch-test.bki-okb.com -file /tmp/okb_request_body.txt -nosave -savecert /tmp/test_okb.p7b
SECPKG_ATTR_PACKAGE_INFO not supported.
DD
No data in socket: OK if file is completely downloaded
Reply status: HTTP/1.1 401 Unauthorized
An error occurred in running the program.
/dailybuildsbranches/CSP_4_0/CSPbuild/CSP/samples/csptest/WebClient.c:2239:Bad HTTP status.
Error number 0x80092004 (2148081668).
Cannot find object or property.
HttpsGetFile: 0x00000191
An error occurred in running the program.
/dailybuildsbranches/CSP_4_0/CSPbuild/CSP/samples/csptest/WebClient.c:789:Error fetching file from server.
Error number 0x191 (401).
Total: SYS: 0.030 sec USR: 0.090 sec UTC: 0.770 sec
[ErrorCode: 0x00000191]
I look at what is in the file I received:
/opt/cprocsp/bin/amd64/certmgr -list -file /tmp/test_okb.p7b
Certmgr 1.1 (c) "Crypto-Pro", 2007-2018.
program for managing certificates, CRLs and stores
=============================================================================
1-------
Issuer : E=cpca@cryptopro.ru, C=RU, S=Москва, L=Москва, O="ООО ""КРИПТО-ПРО""", CN=УЦ КРИПТО-ПРО (ГОСТ 2012)
Subject : E=pki@okb-bki.ru, C=RU, L=Moscow, O=UCB, CN=*.bki-okb.com
Serial : 0x027BFBAC0056AB79A14650B6F0ABDD3E49
SHA1 Hash : 1048759c505ab580f47ba30e2ec304520ad33f00
SubjKeyID : c27029b9326bfcd3f5fee06b17527ee37436f8d8
Signature Algorithm : ГОСТ Р 34.11-2012/34.10-2012 512 бит
PublicKey Algorithm : ГОСТ Р 34.10-2012 (512 bits)
Not valid before : 03/02/2020 10:19:49 UTC
Not valid after : 03/02/2021 10:29:49 UTC
PrivateKey Link : No
OCSP URL : http://ocsp.cryptopro.ru/ocsp2012/ocsp.srf
CA cert URL : http://cpca20.cryptopro....835df02636b8119486dd.crt
CDP : http://cdp.cryptopro.ru/...835df02636b8119486dd.crl
CDP : http://cpca20.cryptopro....835df02636b8119486dd.crl
Extended Key Usage : 1.3.6.1.5.5.7.3.1
=============================================================================
[ErrorCode: 0x00000000]
I download the CA certificate:
/opt/cprocsp/bin/amd64/curl http://cpca20.cryptopro....835df02636b8119486dd.crt -o /tmp/ca_sert_20200506.crt
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 907 100 907 0 0 10967 0 --:--:-- --:--:-- --:--:-- 37791
Let's see what was downloaded:
/opt/cprocsp/bin/amd64/certmgr -list -file /tmp/ca_sert_20200506.crt
Certmgr 1.1 (c) "Crypto-Pro", 2007-2018.
program for managing certificates, CRLs and stores
=============================================================================
1-------
Issuer : E=cpca@cryptopro.ru, C=RU, S=Москва, L=Москва, O="ООО ""КРИПТО-ПРО""", CN=УЦ КРИПТО-ПРО (ГОСТ 2012)
Subject : E=cpca@cryptopro.ru, C=RU, S=Москва, L=Москва, O="ООО ""КРИПТО-ПРО""", CN=УЦ КРИПТО-ПРО (ГОСТ 2012)
Serial : 0x0278A81A01F7AAEDBC418C69A4B26871D6
SHA1 Hash : ec338e87c8a34be5ec53df164ddee40934176fb3
SubjKeyID : 2f0f30ee1b2e93dae26d835df02636b8119486dd
Signature Algorithm : ГОСТ Р 34.11-2012/34.10-2012 512 бит
PublicKey Algorithm : ГОСТ Р 34.10-2012 (1024 bits)
Not valid before : 31/10/2019 16:59:08 UTC
Not valid after : 31/10/2034 16:59:08 UTC
PrivateKey Link : No
=============================================================================
[ErrorCode: 0x00000000]
I try to check whether I already have it:
/opt/cprocsp/bin/amd64/certmgr -list -store mroot -thumbprint ec338e87c8a34be5ec53df164ddee40934176fb3
Certmgr 1.1 (c) "Crypto-Pro", 2007-2018.
program for managing certificates, CRLs and stores
=============================================================================
1-------
Issuer : E=cpca@cryptopro.ru, C=RU, S=Москва, L=Москва, O="ООО ""КРИПТО-ПРО""", CN=УЦ КРИПТО-ПРО (ГОСТ 2012)
Subject : E=cpca@cryptopro.ru, C=RU, S=Москва, L=Москва, O="ООО ""КРИПТО-ПРО""", CN=УЦ КРИПТО-ПРО (ГОСТ 2012)
Serial : 0x0278A81A01F7AAEDBC418C69A4B26871D6
SHA1 Hash : ec338e87c8a34be5ec53df164ddee40934176fb3
SubjKeyID : 2f0f30ee1b2e93dae26d835df02636b8119486dd
Signature Algorithm : ГОСТ Р 34.11-2012/34.10-2012 512 бит
PublicKey Algorithm : ГОСТ Р 34.10-2012 (1024 bits)
Not valid before : 31/10/2019 16:59:08 UTC
Not valid after : 31/10/2034 16:59:08 UTC
PrivateKey Link : No
=============================================================================
[ErrorCode: 0x00000000]
And if I look this way (then it shows up a whole 2 times; as I understand it, once from the root store):
/opt/cprocsp/bin/amd64/certmgr -list -store uroot -thumbprint ec338e87c8a34be5ec53df164ddee40934176fb3
Certmgr 1.1 (c) "Crypto-Pro", 2007-2018.
program for managing certificates, CRLs and stores
=============================================================================
1-------
Issuer : E=cpca@cryptopro.ru, C=RU, S=Москва, L=Москва, O="ООО ""КРИПТО-ПРО""", CN=УЦ КРИПТО-ПРО (ГОСТ 2012)
Subject : E=cpca@cryptopro.ru, C=RU, S=Москва, L=Москва, O="ООО ""КРИПТО-ПРО""", CN=УЦ КРИПТО-ПРО (ГОСТ 2012)
Serial : 0x0278A81A01F7AAEDBC418C69A4B26871D6
SHA1 Hash : ec338e87c8a34be5ec53df164ddee40934176fb3
SubjKeyID : 2f0f30ee1b2e93dae26d835df02636b8119486dd
Signature Algorithm : ГОСТ Р 34.11-2012/34.10-2012 512 бит
PublicKey Algorithm : ГОСТ Р 34.10-2012 (1024 bits)
Not valid before : 31/10/2019 16:59:08 UTC
Not valid after : 31/10/2034 16:59:08 UTC
PrivateKey Link : No
2-------
Issuer : E=cpca@cryptopro.ru, C=RU, S=Москва, L=Москва, O="ООО ""КРИПТО-ПРО""", CN=УЦ КРИПТО-ПРО (ГОСТ 2012)
Subject : E=cpca@cryptopro.ru, C=RU, S=Москва, L=Москва, O="ООО ""КРИПТО-ПРО""", CN=УЦ КРИПТО-ПРО (ГОСТ 2012)
Serial : 0x0278A81A01F7AAEDBC418C69A4B26871D6
SHA1 Hash : ec338e87c8a34be5ec53df164ddee40934176fb3
SubjKeyID : 2f0f30ee1b2e93dae26d835df02636b8119486dd
Signature Algorithm : ГОСТ Р 34.11-2012/34.10-2012 512 бит
PublicKey Algorithm : ГОСТ Р 34.10-2012 (1024 bits)
Not valid before : 31/10/2019 16:59:08 UTC
Not valid after : 31/10/2034 16:59:08 UTC
PrivateKey Link : No
=============================================================================
[ErrorCode: 0x00000000]
I try the request from the first message again, and again I get the same error:
* About to connect() to ch-test.bki-okb.com port 443 (#0)
* Trying 141.101.233.2... % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0connected
* Connected to ch-test.bki-okb.com (141.101.233.2) port 443 (#0)
* Closing connection #0
* Problem with the local SSL certificate
curl: (58) Problem with the local SSL certificate
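
Added example (not part of the original post, and not Crypto-Pro code): a small parser for the certmgr -list output shown above that reports thumbprints listed more than once, certificates outside their validity window, and issuers with no matching subject in the listing. The sample text is constructed from fields quoted in the post, the check date is an assumption, and names are compared as strings without verifying any signature.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: fields trimmed from the certmgr -list output in the post
# (the server certificate, then the CA certificate twice, as seen in uroot).
CA = """Issuer : CN=УЦ КРИПТО-ПРО (ГОСТ 2012)
Subject : CN=УЦ КРИПТО-ПРО (ГОСТ 2012)
SHA1 Hash : ec338e87c8a34be5ec53df164ddee40934176fb3
Not valid before : 31/10/2019 16:59:08 UTC
Not valid after : 31/10/2034 16:59:08 UTC
"""
SAMPLE = """1-------
Issuer : CN=УЦ КРИПТО-ПРО (ГОСТ 2012)
Subject : CN=*.bki-okb.com
SHA1 Hash : 1048759c505ab580f47ba30e2ec304520ad33f00
Not valid before : 03/02/2020 10:19:49 UTC
Not valid after : 03/02/2021 10:29:49 UTC
2-------
""" + CA + "3-------\n" + CA

def parse_certmgr(text):
    """Split certmgr -list output into one dict of fields per certificate."""
    certs = []
    for line in text.splitlines():
        if re.fullmatch(r"\d+-+", line.strip()):
            certs.append({})          # "N-------" starts a new record
        elif certs and ":" in line:
            key, value = line.split(":", 1)
            certs[-1][key.strip()] = value.strip()
    return certs

def valid_at(cert, when):
    fmt = "%d/%m/%Y %H:%M:%S UTC"     # day first, as in the listing
    start = datetime.strptime(cert["Not valid before"], fmt)
    end = datetime.strptime(cert["Not valid after"], fmt)
    return start <= when <= end

def audit(certs, when):
    """Name-level checks only; signatures are not verified here."""
    subjects = {c["Subject"] for c in certs}
    counts = Counter(c["SHA1 Hash"] for c in certs)
    pick = lambda cond: sorted({c["SHA1 Hash"] for c in certs if cond(c)})
    return {
        "duplicates": sorted(h for h, n in counts.items() if n > 1),
        "not_valid": pick(lambda c: not valid_at(c, when)),
        "issuer_missing": pick(lambda c: c["Issuer"] not in subjects),
        "self_issued": pick(lambda c: c["Issuer"] == c["Subject"]),
    }

if __name__ == "__main__":
    print(audit(parse_certmgr(SAMPLE), datetime(2020, 5, 6)))
```
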