[foaf-protocols] HOWTO: Use FOAF+SSL from a command line

Melvin Carvalho melvincarvalho at gmail.com
Mon Apr 12 12:53:20 CEST 2010


1. Preparation
===========

You are assumed to already have a FOAF+SSL certificate in your browser.

If you have not already, save a backup of this (in Firefox:
Edit->Preferences->Advanced->Encryption->View Certificates->Backup)


2. Create .cer and .key
=================

Use openssl to create a .cer and .key file that you will need to access a
page later.

I am assuming the saved file is foafssl.p12

openssl pkcs12 -in foafssl.p12 -nocerts -out foafssl.key
openssl pkcs12 -clcerts -nokeys -in foafssl.p12 -out foafssl.cer


3. Use wget to access a foaf+ssl protected resource
=======================================

In this example I'm just using a test page I made at
https://foaf.cc/everyone, but any foaf+ssl resource should work, e.g.
https://foaf.me/simpleLogin.php or https://dig.xvm.mit.edu/test/everyone

*3.1 Without a WebID*

wget -qO- --no-check-certificate https://foaf.cc/everyone
Array
(
    [REMOTE_USER] =>
    [SSL_CLIENT_VERIFY] => NONE
    [SSL_CLIENT_CERT] =>
)

*3.2 With a WebID*

wget -qO- --no-check-certificate https://foaf.cc/everyone \
    --certificate=./foafssl.cer \
    --private-key=./foafssl.key
Enter PEM pass phrase:
Array
(
    [REMOTE_USER] => <http://foaf.me/melvincarvalho#me>

    [SSL_CLIENT_VERIFY] => GENEROUS
    [SSL_CLIENT_M_VERSION] => 3
    [SSL_CLIENT_M_SERIAL] => 0255
    [SSL_CLIENT_V_START] => Oct 30 12:34:20 2009 GMT
    [SSL_CLIENT_V_END] => Oct 30 12:34:20 2010 GMT
    [SSL_CLIENT_V_REMAIN] => 202
    [SSL_CLIENT_S_DN] => /CN=FOAF ME Cert http://foaf.me/melvincarvalho
    [SSL_CLIENT_S_DN_CN] => FOAF ME Cert http://foaf.me/melvincarvalho
    [SSL_CLIENT_I_DN] => /C=GB/ST=LONDON/L=Wimbledon/O=FOAF.ME/CN=FOAF.ME/emailAddress=ca at foaf.me
    [SSL_CLIENT_I_DN_C] => GB
    [SSL_CLIENT_I_DN_ST] => LONDON
    [SSL_CLIENT_I_DN_L] => Wimbledon
    [SSL_CLIENT_I_DN_O] => FOAF.ME
    [SSL_CLIENT_I_DN_CN] => FOAF.ME
    [SSL_CLIENT_I_DN_Email] => ca at foaf.me

    [SSL_CLIENT_A_KEY] => rsaEncryption
    [SSL_CLIENT_A_SIG] => md5WithRSAEncryption
    [SSL_CLIENT_CERT] => -----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----


In this way you can automate the process of sending authenticated requests
to resources across the web, getting responses, processing them, and acting
on the information.  Hopefully this will be one more tool for us to be able
to generate data centric communities.