Skip to content

Instantly share code, notes, and snippets.

@autch

autch/gist:ef1386297d67d2c86e80792117778a8c

Created May 8, 2020 16:57
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save autch/ef1386297d67d2c86e80792117778a8c to your computer and use it in GitHub Desktop.
Save autch/ef1386297d67d2c86e80792117778a8c to your computer and use it in GitHub Desktop.
Download ZIP
certificate of 35.241.52.229 is expired, note that subject L=Copenhagen (valid one says L=Koebenhavn)
Raw
gistfile1.txt
$ openssl s_client -connect 35.241.52.229:443
CONNECTED(00000003)
Can't use SSL_get_servername
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify return:1
depth=0 C = DK, L = Copenhagen, O = Unity Technologies ApS, CN = *.unity3d.com
verify error:num=10:certificate has expired
notAfter=May 8 12:00:00 2020 GMT
verify return:1
depth=0 C = DK, L = Copenhagen, O = Unity Technologies ApS, CN = *.unity3d.com
notAfter=May 8 12:00:00 2020 GMT
verify return:1
---
Certificate chain
0 s:C = DK, L = Copenhagen, O = Unity Technologies ApS, CN = *.unity3d.com
i:C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
1 s:C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHGTCCBgGgAwIBAgIQBXejkrZtX7/7wge/+f7m0zANBgkqhkiG9w0BAQsFADBN
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTkxMDE1MDAwMDAwWhcN
MjAwNTA4MTIwMDAwWjBbMQswCQYDVQQGEwJESzETMBEGA1UEBxMKQ29wZW5oYWdl
bjEfMB0GA1UEChMWVW5pdHkgVGVjaG5vbG9naWVzIEFwUzEWMBQGA1UEAwwNKi51
bml0eTNkLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMH7t1fw
k2brIFbb1A7rrPBOLG1NOrVN3scBFNEGYfKxMxMi1MzXvZHu39KGVgM7gyY+6aps
0SvmXZVo7kmu96vdHCg2S3Aea4k13VQOfwXANcglrPPnav0k9ZtpmQDjAbrC7tnF
MVY1khRqTYRSH6IMqD4d+HTICEAprmHQ9VgOrIm4u8vtcABT4AJGEiORkTzb/O20
1VYRJnC/kcfAUJhtxm4GoGzXdKYb0b2tWVlNZ3o4kJBF3JYSymq3spYr+oJVJsFP
O7CDVn1+1B3hDk+uhlzsDbvdZr6CR40sPK7EaHfVUrjtsINNylw0YwMQYqgRPLnG
zN8z3e/3MCCiv5sCAwEAAaOCA+UwggPhMB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjn
jUY4tCzhxtniMB0GA1UdDgQWBBTNeE6wBnoM8UodRuO9C10PFEiTWDCCAR8GA1Ud
EQSCARYwggESgg0qLnVuaXR5M2QuY29tgh1sb3JlLmNkcC5pbnRlcm5hbC51bml0
eTNkLmNvbYIlbG9yZS5kYXRhLmllLmNkcC5pbnRlcm5hbC51bml0eTNkLmNvbYIj
cHJkLWxlbmRlci5jZHAuaW50ZXJuYWwudW5pdHkzZC5jb22CGWFwaS51Y2EuY2xv
dWQudW5pdHkzZC5jb22CFWNkcC5jbG91ZC51bml0eTNkLmNvbYIcZXUtYXBpLnVj
YS5jbG91ZC51bml0eTNkLmNvbYIdaHdzdGF0cy51Y2EuY2xvdWQudW5pdHkzZC5j
b22CGnRoaW5kLnVuaXR5YWRzLnVuaXR5M2QuY29tggt1bml0eTNkLmNvbTAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1Ud
HwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTIt
ZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEy
LWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxo
dHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcB
AQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBGBggr
BgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hB
MlNlY3VyZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBAYKKwYBBAHWeQIE
AgSB9QSB8gDwAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFt
0RGT8gAABAMARzBFAiEAzV0GROhTPWKtMxFv0txgbwuu3+fO0QOo8T9cpVlQJp4C
IAxCMgnXz3ByHsdSYqrri987ffV+tQ+Rgd295hKdhi8UAHYAh3W/51l8+IxDmV+9
827/Vo1HVjb/SrVgwbTq/16ggw8AAAFt0RGUjwAABAMARzBFAiAjVlcJSKN+dBBY
5s0nINzSZZYmxLKZ1AYDqUJWz8MPbgIhAJ29q1zphIeOMfBY+JFd0xgSB4oSV9EW
gLUEwa0FMgc/MA0GCSqGSIb3DQEBCwUAA4IBAQAlh33IGvsRwBe9/ob2umxxKdFm
7rBCWReo97jZjDnJ0yQVKoj0AcSboVrZU1EJ5gul8+AWjnDu2RLIplxqgKEH4uYd
PH5mQ3tpxuL4aiH1EUWXlZ61Lu+3oIRm/3K1aqjxHSd5c68N3mMsrDjmEgUJSYGe
RoItD3p7ZH+saUhPbOp/F1IeXKW8L4zY1ddMBsZgi6GretHoMioGsXtUBtqD81Aa
TXF6TKBkWr3gz/jWrVS6VX54PZLzwzC7zbF8cCjCVVyw9zSirsFtu1tyUKkEx42T
TZqVfRLP+8NPe4/N9b1FfWfcuIwwxH5670XRgzJElLz9yPgMNIs/LmMTN9R/
-----END CERTIFICATE-----
subject=C = DK, L = Copenhagen, O = Unity Technologies ApS, CN = *.unity3d.com
issuer=C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3492 bytes and written 363 bytes
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 10 (certificate has expired)
---
^C
@autch
Copy link
Author

autch commented May 8, 2020

It is cdp.cloud.unity3d.com

$ dig cdp.cloud.unity3d.com

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> cdp.cloud.unity3d.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47448
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;cdp.cloud.unity3d.com.         IN      A

;; ANSWER SECTION:
cdp.cloud.unity3d.com.  18      IN      CNAME   prd-lender.cdp.internal.unity3d.com.
prd-lender.cdp.internal.unity3d.com. 9 IN CNAME thind-prd-knob.data.ie.unity3d.com.
thind-prd-knob.data.ie.unity3d.com. 48 IN CNAME thind-gke-usc.prd.data.corp.unity3d.com.
thind-gke-usc.prd.data.corp.unity3d.com. 47 IN A 35.241.52.229

;; Query time: 114 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 土  5月 09 02:07:34 JST 2020
;; MSG SIZE  rcvd: 183

@autch
Copy link
Author

autch commented May 8, 2020

Seems to be fixed now:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:7b:39:76:a1:77:ec:1b:c7:dc:3d:f4:d5:45:71:4a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
        Validity
            Not Before: May  8 00:00:00 2020 GMT
            Not After : May 11 12:00:00 2022 GMT
        Subject: C = US, ST = California, L = San Francisco, O = Unity Technologies SF, CN = *.unity3d.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fb:b7:57:f0:93:66:eb:20:56:db:d4:0e:eb:
                    ac:f0:4e:2c:6d:4d:3a:b5:4d:de:c7:01:14:d1:06:
                    61:f2:b1:33:13:22:d4:cc:d7:bd:91:ee:df:d2:86:
                    56:03:3b:83:26:3e:e9:aa:6c:d1:2b:e6:5d:95:68:
                    ee:49:ae:f7:ab:dd:1c:28:36:4b:70:1e:6b:89:35:
                    dd:54:0e:7f:05:c0:35:c8:25:ac:f3:e7:6a:fd:24:
                    f5:9b:69:99:00:e3:01:ba:c2:ee:d9:c5:31:56:35:
                    92:14:6a:4d:84:52:1f:a2:0c:a8:3e:1d:f8:74:c8:
                    08:40:29:ae:61:d0:f5:58:0e:ac:89:b8:bb:cb:ed:
                    70:00:53:e0:02:46:12:23:91:91:3c:db:fc:ed:b4:
                    d5:56:11:26:70:bf:91:c7:c0:50:98:6d:c6:6e:06:
                    a0:6c:d7:74:a6:1b:d1:bd:ad:59:59:4d:67:7a:38:
                    90:90:45:dc:96:12:ca:6a:b7:b2:96:2b:fa:82:55:
                    26:c1:4f:3b:b0:83:56:7d:7e:d4:1d:e1:0e:4f:ae:
                    86:5c:ec:0d:bb:dd:66:be:82:47:8d:2c:3c:ae:c4:
                    68:77:d5:52:b8:ed:b0:83:4d:ca:5c:34:63:03:10:
                    62:a8:11:3c:b9:c6:cc:df:33:dd:ef:f7:30:20:a2:
                    bf:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:0F:80:61:1C:82:31:61:D5:2F:28:E7:8D:46:38:B4:2C:E1:C6:D9:E2

            X509v3 Subject Key Identifier:
                CD:78:4E:B0:06:7A:0C:F1:4A:1D:46:E3:BD:0B:5D:0F:14:48:93:58
            X509v3 Subject Alternative Name:
                DNS:*.unity3d.com, DNS:unity3d.com, DNS:prd-lender.cdp.internal.unity3d.com, DNS:api.uca.cloud.unity3d.com, DNS:cdp.cloud.unity3d.com, DNS:eu-api.uca.cloud.unity3d.com, DNS:hwstats.uca.cloud.unity3d.com, DNS:thind.unityads.unity3d.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl3.digicert.com/ssca-sha2-g6.crl

                Full Name:
                  URI:http://crl4.digicert.com/ssca-sha2-g6.crl

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114412.1.1
                  CPS: https://www.digicert.com/CPS
                Policy: 2.23.140.1.2.2

            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
                                BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
                    Timestamp : May  8 17:00:15.077 2020 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:0E:31:81:17:7F:19:FD:AB:1F:BC:43:18:
                                D8:5C:9C:C1:06:3D:62:D9:F7:D1:E9:51:AD:7F:6F:71:
                                66:DA:9E:FD:02:20:18:D6:AF:AB:4D:F2:94:2B:7E:43:
                                9B:BF:D8:B5:B3:B9:E7:EA:31:17:8C:11:11:BF:AA:34:
                                E0:E7:B5:DF:6D:49
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 22:45:45:07:59:55:24:56:96:3F:A1:2F:F1:F7:6D:86:
                                E0:23:26:63:AD:C0:4B:7F:5D:C6:83:5C:6E:E2:0F:02
                    Timestamp : May  8 17:00:15.081 2020 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:28:FB:C5:61:0C:1C:BB:A0:A4:8E:D1:73:
                                5B:B1:8D:D7:BD:29:2E:05:BA:AC:EA:1F:F4:67:6B:53:
                                00:46:47:D4:02:21:00:C1:86:E1:53:76:CB:15:C6:9D:
                                72:CD:07:F4:AB:D6:D5:CA:A4:8F:EA:A9:C7:9D:ED:03:
                                EB:79:62:FD:C0:FE:8F
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 51:A3:B0:F5:FD:01:79:9C:56:6D:B8:37:78:8F:0C:A4:
                                7A:CC:1B:27:CB:F7:9E:88:42:9A:0D:FE:D4:8B:05:E5
                    Timestamp : May  8 17:00:15.161 2020 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:FA:4D:30:37:7C:D8:77:0A:BB:E0:E2:
                                0C:ED:08:5A:72:26:41:B1:C4:A4:54:71:5D:E8:64:64:
                                74:48:2B:98:DB:02:20:10:3B:9F:87:86:BB:CA:33:D1:
                                CC:4E:5F:BA:E0:14:CB:A0:26:A2:14:34:18:0B:7D:EE:
                                E0:14:EC:4A:83:5C:38
    Signature Algorithm: sha256WithRSAEncryption
         1f:e6:92:98:b0:ac:3d:dc:d0:dc:a9:cb:ec:1d:f5:d2:a5:95:
         85:de:7f:2c:0d:c9:59:a7:69:b0:a8:93:43:e1:9a:ac:d3:7f:
         58:cd:c1:27:7a:4b:ca:60:f3:d0:d3:11:f1:91:f7:c3:32:5b:
         8c:9f:a5:37:c6:59:6d:de:92:32:f7:c3:b4:1d:3b:fd:39:02:
         e0:b1:bd:ea:77:bb:75:98:d9:a7:84:1d:8b:e3:33:98:78:72:
         78:9d:d8:29:d3:29:a0:8a:a2:25:f2:8b:e0:02:fb:7d:c9:d5:
         aa:32:67:ab:e4:a6:ce:9c:89:7c:7b:5d:cc:a2:ae:47:b1:70:
         7d:09:43:5c:83:84:14:6c:bf:0a:b7:02:7b:18:9e:b0:db:d2:
         dd:a0:cf:c9:02:06:5b:ee:f4:ec:30:04:a6:21:6d:e3:8c:ef:
         1d:94:36:3a:e6:35:21:26:ed:36:93:49:09:16:11:0d:fb:2e:
         c5:d9:8e:57:d5:f1:10:be:d0:51:4a:52:75:cd:cf:81:ab:76:
         7c:37:77:86:77:48:d0:ba:0d:fe:62:cf:88:b5:da:b0:85:36:
         ce:5d:48:21:7e:02:2f:46:65:19:34:f4:9a:bb:37:82:c8:34:
         59:90:2d:91:34:45:6d:ef:0c:46:5b:e5:aa:93:b6:9c:e7:b4:
         81:d4:dc:3e

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment