On Thursday 29 August 2019 15:45:44 Gordon Messmer
wrote:> On 8/29/19 3:03 AM, Gary Stainburn wrote:
> > https://us-east.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml:
[Errno 14] curl#60 - "Peer's Certificate issuer is not
recognized."
>
>
> What do you see when you run:
>
> ??? openssl s_client -showcerts -connect us-east.repo.webtatic.com:443
That seems to work fine on the faulty server.
[root at stan2 ~]# openssl s_client -showcerts -connect
us-east.repo.webtatic.com:443
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = webtatic.com
verify return:1
---
Certificate chain
0 s:/CN=webtatic.com
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
-----BEGIN CERTIFICATE-----
MIIF6jCCBNKgAwIBAgISBDXb5cfWLFXVBqOxkpcXwXVhMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA3MTMyMjAwMTJaFw0x
OTEwMTEyMjAwMTJaMBcxFTATBgNVBAMTDHdlYnRhdGljLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAM3fbcrpxr9abHvq2fzpMhI1w5x03UZloW7u
fPVx9qMQisH2rXYlaOi6JqvqutGemKuqeon97DmKNLC+uK7FNfhqm+M9bBiYYcp7
LEErsoTSpsG8+tACsuEEfI5VX668x+hVX9SRmt86qXS+ukvxiKGqaYyXc+9YonBU
BUb1h24iiPP/U0wql6WpsZox6kaL4NDi53Fa6XzutNl7MO8SvWspRyccvOrFbSIa
60l2xQ3ZzwnBNE5PLjLNkaL/b/U5c6gAa+uDSpLGb5WLBVhXhtVM2nSxmR0WA+Mu
GH7FDJZbXFoWh7Te7H6DVg64Muo2Cb9791zngJQcX835QpcKAecCAwEAAaOCAvsw
ggL3MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU+yYwnaGc5M9ElauTeKw5gf9Uricw
HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBh
MC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
MC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
LzCBsAYDVR0RBIGoMIGlghNtaXJyb3Iud2VidGF0aWMuY29tghRubC5yZXBvLndl
YnRhdGljLmNvbYIRcmVwby53ZWJ0YXRpYy5jb22CFHNwLnJlcG8ud2VidGF0aWMu
Y29tghR1ay5yZXBvLndlYnRhdGljLmNvbYIZdXMtZWFzdC5yZXBvLndlYnRhdGlj
LmNvbYIMd2VidGF0aWMuY29tghB3d3cud2VidGF0aWMuY29tMEwGA1UdIARFMEMw
CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j
cHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYA4mlL
ribo6UAJ6IYbtjuD1D7n/nSI+6SPKJMBnd3x2/4AAAFr7ZC2OwAABAMARzBFAiA2
oB+MtRoLHj2R10tZO68L/cCME2VGCM/WvwsbIAQz6wIhANmYApxOCCu4elrF+fMF
b9BRooxn/wnAXgQNaXZMCTDJAHYAY/Lbzeg7zCzPC3KEJ1drM6SNYXePvXWmOLHH
aFRL2I0AAAFr7ZC2LwAABAMARzBFAiAlxh9zfcwH3jblEejfwclCMCUcXYBUNBK4
tCFQ0lrQigIhAJL9l9eMgnWYuFgQcIHpfDhoPoR/1qUb7eulzCNEeuDHMA0GCSqG
SIb3DQEBCwUAA4IBAQBy/d3y+sAM9iEE6pZkcbCONdbWeh8/g6o4VsFJ8c0K7MxR
WAtiMgLK96SwhGHYrclvu9SMdi9B7umQtvxFRJq+jaFCANpddKcWegOlRwXhrMDs
tOQhcMDnSZLJGjsFzwsYaluZlM1UI+xqnPR+fBoaLt3RaBQLowrsXpL4FMs+cJ0o
/8ECkkIdZ2yJKzbt/XRc5Xj8cVo0lJXrZhqRJ3v0dJFLD4Sv+JQ9P91wlx8277Tk
umcaa8fUOArtsaSxcnRkieJYainVv0b0YuZUZ1z0e94NPFAdY29hINBYfQQl6+wr
zcQZke1Uc4S3edwPjZHX4M3KvEKFokRhlyaqSoTw
-----END CERTIFICATE-----
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg=-----END CERTIFICATE-----
---
Server certificate
subject=/CN=webtatic.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3370 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 3EAB66B1C00B5E9A0ABED3F0A58EBBB5EFCB92D21DA43C14947ACEA4740B5031
Session-ID-ctx:
Master-Key:
45306EA81D8751DA376D3E0BDD15200AF59EC5F75B0FDFA7E6973469218E0EE947DABD22A1479A3076C903920C9DCB4A
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 7d 61 0c 5b 24 96 f1 c5-25 ef 1f e3 61 18 85 e0 }a.[$...%...a...
0010 - 81 71 15 64 13 a8 d3 f7-06 93 7e 91 d9 44 79 5e .q.d......~..Dy^
0020 - 59 e5 6c 03 19 15 15 9a-28 e9 3b 3a 76 82 16 02 Y.l.....(.;:v...
0030 - 5b 1c 59 0e 15 08 99 48-02 65 f7 8d 46 76 f9 91 [.Y....H.e..Fv..
0040 - e9 ea 08 b2 04 85 fc fc-49 60 f7 b2 a5 2d fc 09 ........I`...-..
0050 - d3 4f 30 b7 98 5f 6c 3f-aa 5f eb aa d6 4c d1 a0 .O0.._l?._...L..
0060 - 33 39 a1 fc 47 62 04 6b-58 2c 81 ca 84 e0 f3 c1 39..Gb.kX,......
0070 - de 69 bb c1 91 5c d1 c2-bb 21 27 90 76 98 cb 11
.i...\...!'.v...
0080 - 4c cb 18 14 8c 91 0b 48-97 31 7c 31 32 c4 55 9e L......H.1|12.U.
0090 - a0 72 d6 ac 69 a3 2b b6-b7 61 8a 8d d9 e0 69 f1 .r..i.+..a....i.
00a0 - b5 2d 6c 66 12 04 f8 c0-65 05 21 27 1e 2c ec 1c
.-lf....e.!'.,..
Start Time: 1567090119
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
DONE
[root at stan2 ~]#