@atheiman
Created September 27, 2017 14:27
CentOS 7 CA cert issues
[root@dokken ~]# /usr/local/ruby/jruby-9.1.13.0/bin/ruby -rnet/http -e "Net::HTTP.get(URI('https://www.google.com/'))"
OpenSSL::SSL::SSLError: certificate verify failed
connect_nonblock at org/jruby/ext/openssl/SSLSocket.java:228
connect at /usr/local/ruby/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:938
do_start at /usr/local/ruby/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:868
start at /usr/local/ruby/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:857
start at /usr/local/ruby/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:585
get_response at /usr/local/ruby/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:480
get at /usr/local/ruby/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:457
<main> at -e:1
[root@dokken ~]# /usr/local/ruby/jruby-9.1.13.0/bin/ruby -rnet/http -e "Net::HTTP.get(URI('https://letsencrypt.org/'))"
[root@dokken ~]# echo $?
0
~ $ echo | openssl s_client -showcerts -servername letsencrypt.org -connect letsencrypt.org:443 2>/dev/null | openssl x509 -inform pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7f:00:00:01:00:00:01:4b:51:54:dc:bd:6b:c7:cc:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=IdenTrust, OU=TrustID Server, CN=TrustID Server CA A52
Validity
Not Before: Feb 3 21:24:51 2015 GMT
Not After : Feb 2 21:24:51 2018 GMT
Subject: CN=letsencrypt.org, O=INTERNET SECURITY RESEARCH GROUP, L=Mountain View, ST=California, C=US
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Certificate Policies:
Policy: 2.16.840.1.113839.0.6.3
CPS: https://secure.identrust.com/certificates/policy/ts/
User Notice:
Explicit Text: This TrustID Server Certificate has been issued in accordance with IdenTrust's TrustID Certificate Policy found at https://secure.identrust.com/certificates/policy/ts/
Policy: 2.23.140.1.2.2
CPS: https://secure.identrust.com/certificates/policy/ts/
User Notice:
Explicit Text: This TrustID Server Certificate has been issued in accordance with IdenTrust's TrustID Certificate Policy found at https://secure.identrust.com/certificates/policy/ts/
X509v3 Subject Key Identifier:
D2:C0:B8:52:36:BA:00:F4:53:6E:0E:80:43:ED:5F:AF:A9:FF:12:50
X509v3 CRL Distribution Points:
URI:http://validation.identrust.com/crl/trustidcaa52.crl
Authority Information Access:
OCSP - URI:http://commercial.ocsp.identrust.com
CA Issuers - URI:http://validation.identrust.com/certs/trustidcaa52.p7c
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Authority Key Identifier:
keyid:A2:56:24:3C:D0:D4:15:B9:E8:BF:78:A3:13:10:58:48:2E:16:54:E1
X509v3 Subject Alternative Name:
DNS:letsencrypt.org, DNS:www.letsencrypt.org
Signature Algorithm: sha256WithRSAEncryption
~ $ echo | openssl s_client -showcerts -servername www.google.com -connect www.google.com:443 2>/dev/null | openssl x509 -inform pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:4e:0e:ba:0f:e0:ee:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Validity
Not Before: Sep 13 17:33:03 2017 GMT
Not After : Dec 6 17:10:00 2017 GMT
Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:www.google.com
Authority Information Access:
CA Issuers - URI:http://pki.google.com/GIAG2.crt
OCSP - URI:http://clients1.google.com/ocsp
X509v3 Subject Key Identifier:
A1:80:22:4C:9B:E9:E7:EB:FA:07:F7:13:FE:A1:E7:DD:F5:29:E1:F9
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.11129.2.5.1
Policy: 2.23.140.1.2.2
X509v3 CRL Distribution Points:
URI:http://pki.google.com/GIAG2.crl
Signature Algorithm: sha256WithRSAEncryption