When I try use curl I get error 35

[Andru1999]

I write comand curl https://portal.rosreestr.ru:4433 -k and get error curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure. What I am doing wrong?

[rnixik]

Does this site work with any other software without a client certificate?

[Andru1999]

No. It shold work only with authorization by certificate. And the user must also send his certificate too. I have not yet learned how to do it with curl, but I thought that I got other type of error.

[rnixik]

Could you try

    curl https://portal.rosreestr.ru:4433 -k -v --key key.pem --cert cert.pem

with your key.pem and cert.pem and show output?

[Andru1999]

I have only cer file. No private key. How to get it from cer file?

[rnixik]

It depends on format. Do you have -----BEGIN PRIVATE KEY----- in your cer file?

[Andru1999]

No. I think publick and private key are in it.

[rnixik]

Do you have something like ----- ***** -----?

[Andru1999]

No. I hava 0‚E0‚ф 
ч
°zДЪ»з in this file when I open it by notepad++

[rnixik]

It's probably in DER-format. You can try openssl x509 -inform der -in certificate.cer -out certificate.pem to convert it to pem and then look with notepad++.

[Andru1999]

Yes, it is works. I got -----BEGIN CERTIFICATE-----.

[rnixik]

Do you have -----BEGIN PRIVATE KEY----- somewhere in the file?

[Andru1999]

No. Mybe to need use special console key for get the private key ?

[rnixik]

Usually, obtaining private key is part of process of generating (obtaining) client certificate. Could you describe how did you get your cer?

[Andru1999]

Do you hava a telegram account?

[rnixik]

Sorry, I don't do such kind of support.

[Andru1999]

Ok. In short, I only have this certificate.

[rnixik]

Currently, I don't know the reason of the error.

[Andru1999]

Maybe this servise use different algoritms? How to change connection algoritm?

[rnixik]

This server does not support TLS 1.1, TLS 1.2, TLS 1.3 but TLS1.0. May be it supports SSLv3, but curl in docker does not support it.