Created June 21, 2014 07:19
% openssl s_client -connect lk.megafon.ru:443 -verify 3
verify depth is 3
depth=0 /1.3.6.1.4.1.311.60.2.1.3=RU/businessCategory=Private Organization/serialNumber=1027809169585/C=RU/ST=Moscow/L=Moscow/O=OJSC MegaFon/CN=lk.megafon.ru
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /1.3.6.1.4.1.311.60.2.1.3=RU/businessCategory=Private Organization/serialNumber=1027809169585/C=RU/ST=Moscow/L=Moscow/O=OJSC MegaFon/CN=lk.megafon.ru
verify error:num=27:certificate not trusted
verify return:1
depth=0 /1.3.6.1.4.1.311.60.2.1.3=RU/businessCategory=Private Organization/serialNumber=1027809169585/C=RU/ST=Moscow/L=Moscow/O=OJSC MegaFon/CN=lk.megafon.ru
verify error:num=21:unable to verify the first certificate
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/1.3.6.1.4.1.311.60.2.1.3=RU/businessCategory=Private Organization/serialNumber=1027809169585/C=RU/ST=Moscow/L=Moscow/O=OJSC MegaFon/CN=lk.megafon.ru
   i:/C=US/O=thawte, Inc./OU=Terms of use at https://www.thawte.com/cps (c)06/CN=thawte Extended Validation SSL CA
 1 s:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
 2 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
---
Server certificate
subject=/1.3.6.1.4.1.311.60.2.1.3=RU/businessCategory=Private Organization/serialNumber=1027809169585/C=RU/ST=Moscow/L=Moscow/O=OJSC MegaFon/CN=lk.megafon.ru
issuer=/C=US/O=thawte, Inc./OU=Terms of use at https://www.thawte.com/cps (c)06/CN=thawte Extended Validation SSL CA
---
No client certificate CA names sent
---
SSL handshake has read 4259 bytes and written 328 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID: 5C0040509F3270DF88E22C1258E7F229FF8D7DB1DFF14CAD6BEBA10707A2D12A
    Session-ID-ctx:
    Master-Key: 8EAD8D060A3539A85795250137A87AE5A8D49C4ECAD5688CC52ED1AC19BFE41D36BE381B22CB12D8EF7E758C3E229A4C
    Key-Arg : None
    Start Time: 1403334532
    Timeout : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
DONE

Note the chain that the web server sends:

Certificate chain
 0 s:/1.3.6.1.4.1.311.60.2.1.3=RU/businessCategory=Private Organization/serialNumber=1027809169585/C=RU/ST=Moscow/L=Moscow/O=OJSC MegaFon/CN=lk.megafon.ru
   i:/C=US/O=thawte, Inc./OU=Terms of use at https://www.thawte.com/cps (c)06/CN=thawte Extended Validation SSL CA
 1 s:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
 2 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com

Certificate 0 is MegaFon's own; it is signed by thawte Extended Validation SSL CA.
Certificate 1 is issued by thawte Primary Root CA (its subject is Thawte SSL CA), although it should be thawte Extended Validation SSL CA. Some clients stumble on this when they try to validate the chain.
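
The chain check described above, as an added example that is not part of the original gist: it parses the `Certificate chain` block of the s_client output and reports every position where a certificate's issuer is not the subject of the next certificate the server sent. The function names are hypothetical, and comparing the printed DN strings exactly is an assumption of this example; a real verifier also checks signatures.

```python
import re

# Chain section copied from the s_client output on this page.
S_CLIENT_OUTPUT = """\
Certificate chain
 0 s:/1.3.6.1.4.1.311.60.2.1.3=RU/businessCategory=Private Organization/serialNumber=1027809169585/C=RU/ST=Moscow/L=Moscow/O=OJSC MegaFon/CN=lk.megafon.ru
   i:/C=US/O=thawte, Inc./OU=Terms of use at https://www.thawte.com/cps (c)06/CN=thawte Extended Validation SSL CA
 1 s:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
 2 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
---
"""

def parse_chain(text):
    """Return [(depth, subject, issuer), ...] from the 'Certificate chain' block."""
    chain, in_chain, current = [], False, None
    for line in text.splitlines():
        line = line.strip()
        if line == "Certificate chain":
            in_chain = True
        elif in_chain and line.startswith("---"):
            break  # end of the chain block
        elif in_chain and (m := re.match(r"(\d+)\s+s:(.*)", line)):
            current = [int(m.group(1)), m.group(2).strip(), None]
        elif in_chain and line.startswith("i:") and current:
            current[2] = line[2:].strip()
            chain.append(tuple(current))
            current = None
    return chain

def cn(dn):
    """Pull the CN out of a one-line DN for readable reporting."""
    m = re.search(r"/CN=([^/]+)", dn)
    return m.group(1) if m else dn

def find_breaks(chain):
    """List (depth, issuer CN wanted, subject CN actually sent next)."""
    breaks = []
    for (depth, _, issuer), (_, next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:  # exact DN string match (assumption)
            breaks.append((depth, cn(issuer), cn(next_subject)))
    return breaks

if __name__ == "__main__":
    for depth, wanted, got in find_breaks(parse_chain(S_CLIENT_OUTPUT)):
        print(f"cert {depth} needs issuer {wanted!r}; server sent {got!r} next")
```

Server operators can run the same check against their own s_client output after installing an intermediate bundle, to confirm that the certificate following the leaf is the CA that actually issued it.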