Gist atheiman/d044bccb4744309a02886bc6190c4ee0, created September 27, 2017 14:27
CentOS 7 CA cert issues
[root@dokken ~]# /usr/local/ruby/jruby-9.1.13.0/bin/ruby -rnet/http -e "Net::HTTP.get(URI('https://www.google.com/'))"
OpenSSL::SSL::SSLError: certificate verify failed
  connect_nonblock at org/jruby/ext/openssl/SSLSocket.java:228
  connect at /usr/local/ruby/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:938
  do_start at /usr/local/ruby/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:868
  start at /usr/local/ruby/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:857
  start at /usr/local/ruby/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:585
  get_response at /usr/local/ruby/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:480
  get at /usr/local/ruby/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:457
  <main> at -e:1
[root@dokken ~]# /usr/local/ruby/jruby-9.1.13.0/bin/ruby -rnet/http -e "Net::HTTP.get(URI('https://letsencrypt.org/'))"
[root@dokken ~]# echo $?
0

~ $ echo | openssl s_client -showcerts -servername letsencrypt.org -connect letsencrypt.org:443 2>/dev/null | openssl x509 -inform pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:00:00:01:00:00:01:4b:51:54:dc:bd:6b:c7:cc:70
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=IdenTrust, OU=TrustID Server, CN=TrustID Server CA A52
        Validity
            Not Before: Feb 3 21:24:51 2015 GMT
            Not After : Feb 2 21:24:51 2018 GMT
        Subject: CN=letsencrypt.org, O=INTERNET SECURITY RESEARCH GROUP, L=Mountain View, ST=California, C=US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.113839.0.6.3
                  CPS: https://secure.identrust.com/certificates/policy/ts/
                  User Notice:
                    Explicit Text: This TrustID Server Certificate has been issued in accordance with IdenTrust's TrustID Certificate Policy found at https://secure.identrust.com/certificates/policy/ts/
                Policy: 2.23.140.1.2.2
                  CPS: https://secure.identrust.com/certificates/policy/ts/
                  User Notice:
                    Explicit Text: This TrustID Server Certificate has been issued in accordance with IdenTrust's TrustID Certificate Policy found at https://secure.identrust.com/certificates/policy/ts/
            X509v3 Subject Key Identifier:
                D2:C0:B8:52:36:BA:00:F4:53:6E:0E:80:43:ED:5F:AF:A9:FF:12:50
            X509v3 CRL Distribution Points:
                URI:http://validation.identrust.com/crl/trustidcaa52.crl
            Authority Information Access:
                OCSP - URI:http://commercial.ocsp.identrust.com
                CA Issuers - URI:http://validation.identrust.com/certs/trustidcaa52.p7c
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Authority Key Identifier:
                keyid:A2:56:24:3C:D0:D4:15:B9:E8:BF:78:A3:13:10:58:48:2E:16:54:E1
            X509v3 Subject Alternative Name:
                DNS:letsencrypt.org, DNS:www.letsencrypt.org
    Signature Algorithm: sha256WithRSAEncryption

~ $ echo | openssl s_client -showcerts -servername www.google.com -connect www.google.com:443 2>/dev/null | openssl x509 -inform pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:4e:0e:ba:0f:e0:ee:a9
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
        Validity
            Not Before: Sep 13 17:33:03 2017 GMT
            Not After : Dec 6 17:10:00 2017 GMT
        Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Alternative Name:
                DNS:www.google.com
            Authority Information Access:
                CA Issuers - URI:http://pki.google.com/GIAG2.crt
                OCSP - URI:http://clients1.google.com/ocsp
            X509v3 Subject Key Identifier:
                A1:80:22:4C:9B:E9:E7:EB:FA:07:F7:13:FE:A1:E7:DD:F5:29:E1:F9
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier:
                keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.11129.2.5.1
                Policy: 2.23.140.1.2.2
            X509v3 CRL Distribution Points:
                URI:http://pki.google.com/GIAG2.crl
    Signature Algorithm: sha256WithRSAEncryption