Skip to content

Instantly share code, notes, and snippets.

@karlentwistle

karlentwistle/Output from doctor

Last active March 19, 2016 06:41
Show Gist options
  • Save karlentwistle/10739717 to your computer and use it in GitHub Desktop.
Save karlentwistle/10739717 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
append crt
digicert/DigiCertHighAssuranceCA-3.crt
digicert/DigiCertSecureServerCA.crt
digicert/DigiCertHighAssuranceEVRootCA.crt
Raw
convert encoded .crt to plaintext .crt
openssl x509 -inform DES -in DigiCertHighAssuranceEVRootCA.crt -out DigiCertHighAssuranceEVRootCA.crt -text
openssl x509 -inform DES -in DigiCertSecureServerCA.crt -out DigiCertSecureServerCA.crt -text
openssl x509 -inform DES -in DigiCertHighAssuranceCA-3.crt -out DigiCertHighAssuranceCA-3.crt -text
Raw
curl facebook
curl https://facebook.com
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
Raw
grab the certs
cd ~/
mkdir digi
wget https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt
wget https://www.digicert.com/CACerts/DigiCertSecureServerCA.crt
wget https://www.digicert.com/CACerts/DigiCertHighAssuranceCA-3.crt
Raw
move the certs
mkdir /usr/share/ca-certificates/digicert/
mv *.crt /usr/share/ca-certificates/digicert/
Raw
openssl s_client -connect facebook
openssl s_client -connect graph.facebook.com:443 -showcerts
CONNECTED(00000003)
depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
-----BEGIN CERTIFICATE-----
REMOVED FOR BREVITY
-----END CERTIFICATE-----
1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-----BEGIN CERTIFICATE-----
REMOVED FOR BREVITY
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
---
No client certificate CA names sent
---
SSL handshake has read 3156 bytes and written 432 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-SHA
Session-ID: 2061D27CF6BEB5BFB7AE6C1016D94C621DA16E813056FCD8D0D1A425ABF5B328
Session-ID-ctx:
Master-Key: A3BDE7A1AFED3A78EE0829678AF4F9300882BCCC1474CE05F0FCD7177D8FCAD488F131B2B3768480CD6702E13FA7248B
Key-Arg : None
Start Time: 1397486170
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
Raw
Output from doctor
ruby doctor.rb
/usr/bin/ruby1.8 (1.8.6)
OpenSSL 0.9.8g 19 Oct 2007: /usr/lib/ssl
SSL_CERT_DIR=""
SSL_CERT_FILE=""
HEAD https://status.github.com:443
OpenSSL::SSL::SSLError: certificate verify failed
The server presented a certificate that could not be verified:
subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
error code 20: unable to get local issuer certificate
Raw
rehash
cd /etc/ssl
sudo c_rehash
Raw
successful ruby doctor
ruby doctor.rb
/usr/bin/ruby1.8 (1.8.6)
OpenSSL 0.9.8g 19 Oct 2007: /usr/lib/ssl
SSL_CERT_DIR=""
SSL_CERT_FILE=""
HEAD https://status.github.com:443
Raw
Update install packages
sudo apt-get update && sudo apt-get install
Raw
Using the doctor script
ruby doctor.rb facebook.com
ruby doctor.rb google.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment