SSL certificate issue
Close
    
    
Page 1 of 2 12 LastLast
Results 1 to 10 of 15
Like Tree7Likes

Thread: SSL certificate issue

  1. #1
    Senior Member nihil's Avatar
    Join Date
    Jan 2018
    Posts
    313

    SSL certificate issue

    So along with all the rest of the technical oddities lately, I'm getting an SSL certificate from subaruxvforum.com when browsing here... Just a heads up.

    Code:
    CONNECTED(00000003)
    depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
    verify return:1
    depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    verify return:1
    depth=0 CN = subaruxvforum.com
    verify return:1
    ---
    Certificate chain
     0 s:/CN=subaruxvforum.com
       i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
     1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
       i:/O=Digital Signature Trust Co./CN=DST Root CA X3
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIMoTCCC4mgAwIBAgISA/Ir3JHZjOmLF0gyz1RGTR2wMA0GCSqGSIb3DQEBCwUA
    MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
    ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA2MjAxODE4NDRaFw0x
    ODA5MTgxODE4NDRaMBwxGjAYBgNVBAMTEXN1YmFydXh2Zm9ydW0uY29tMIIBIjAN
    BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsLAtt2T3dZciEVVyauNmOMp1QfS
    kSvJsDpoVjh3Y0mE0git0dFKSeHCgI20ROfc8w+8lfCxqT/tSBPUeN5gNDkfvo9b
    2lzlpk95RUoUBWsoPpK0/MZj2Mg/olniCO9EH2q8SqKzOLKbhdcXrDxkMuPF8dzZ
    2TJjfueioSwL66e4vnN/Iflp3FRr3x3ZuW8+QMU92QmCNMH/jqAYM1s3OovwhBsZ
    Vw32T7vGXwX15k/RjTTiE23e7fb3UtFVp1SN0SkmY4VM5kN4dStgsz/5oPS05r7h
    jubnONEi9BAN1ssX9CriMKzmHc1CPoC/9mvuNfm5N/LdMs1dIzPomb6/QwIDAQAB
    o4IJrTCCCakwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
    BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSJlHsPyNbNEgRNH6OmfXOk
    I09hoTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcB
    AQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlw
    dC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlw
    dC5vcmcvMIIGrQYDVR0RBIIGpDCCBqCCEXN1YmFydXh2Zm9ydW0uY29tghFzdWJp
    ZWNhbGVuZGFyLmNvbYITc3VwZXJtb3RvanVua2llLmNvbYIQc3V6dWtpLWJpa2Vz
    LmNvbYIRc3V6dWtpLWZvcnVtcy5jb22CE3N1enVraWF0dmZvcnVtcy5jb22CDXN5
    YmVybW9tcy5jb22CDnQtcm9jZm9ydW0uY29tghF0LXNoaXJ0Zm9ydW1zLmNvbYIV
    dGFsa2Fib3V0bWFycmlhZ2UuY29tghJ0YWxrcGFycm90bGV0cy5jb22CD3RhdXJ1
    c2FybWVkLm5ldIIOdGF1cnVzY2x1Yi5jb22CD3Rlbm5pc2ZvcnVtLmNvbYINdGVu
    bnNwZWVkLm5ldIITdGhlY29tYmluZWZvcnVtLmNvbYITdGhlZGllc2VsZ2FyYWdl
    LmNvbYISdGhlZmlyZWFybWJsb2cuY29tghV0aGVnYWxheHl0YWJmb3J1bS5jb22C
    FXRoZWdyYW5kdG91cmZvcnVtLmNvbYITdGhlcHVsbGluZ3BsYWNlLmNvbYISdGhl
    c3VwcmFmb3J1bXMuY29tghV0aGV0cnV0aGFib3V0Y2Fycy5jb22CEHRoZXdhdGNo
    c2l0ZS5jb22CDXRpZGFsZmlzaC5jb22CE3RqY3J1aXNlcmZvcnVtcy5jb22CEXRr
    dW5kZXJncm91bmQuY29tghN0cmVhZG1pbGxyZXZpZXdzLmNhghR0cmVhZG1pbGxy
    ZXZpZXdzLm5ldIIWdHJpdW1waGJvYmJlcmZvcnVtLmNvbYIYdHJvcGljYWwtZmlz
    aC1jZW50cmUuY29tggl0cnVreC5jb22CC3RyeDI1MHIubmV0gg10dGZvcnVtLmNv
    LnVrghB0dW5lcmZyaWVuZHMuY29tggt0dXJ0bGVzLm5ldIIOdHcyMDBmb3J1bS5j
    b22CEXR3aW5nb2ZvcnVtLmNvLnVrggx1ay1hdWRpcy5uZXSCDHVrLW1raXZzLm5l
    dIISdXBzaWRlZG93bmRvZ3MuY29tghV3d3cuc3ViYXJ1eHZmb3J1bS5jb22CFXd3
    dy5zdWJpZWNhbGVuZGFyLmNvbYIXd3d3LnN1cGVybW90b2p1bmtpZS5jb22CFHd3
    dy5zdXp1a2ktYmlrZXMuY29tghV3d3cuc3V6dWtpLWZvcnVtcy5jb22CF3d3dy5z
    dXp1a2lhdHZmb3J1bXMuY29tghF3d3cuc3liZXJtb21zLmNvbYISd3d3LnQtcm9j
    Zm9ydW0uY29tghV3d3cudC1zaGlydGZvcnVtcy5jb22CGXd3dy50YWxrYWJvdXRt
    YXJyaWFnZS5jb22CFnd3dy50YWxrcGFycm90bGV0cy5jb22CE3d3dy50YXVydXNh
    cm1lZC5uZXSCEnd3dy50YXVydXNjbHViLmNvbYITd3d3LnRlbm5pc2ZvcnVtLmNv
    bYIRd3d3LnRlbm5zcGVlZC5uZXSCF3d3dy50aGVjb21iaW5lZm9ydW0uY29tghd3
    d3cudGhlZGllc2VsZ2FyYWdlLmNvbYIWd3d3LnRoZWZpcmVhcm1ibG9nLmNvbYIZ
    d3d3LnRoZWdhbGF4eXRhYmZvcnVtLmNvbYIZd3d3LnRoZWdyYW5kdG91cmZvcnVt
    LmNvbYIXd3d3LnRoZXB1bGxpbmdwbGFjZS5jb22CFnd3dy50aGVzdXByYWZvcnVt
    cy5jb22CGXd3dy50aGV0cnV0aGFib3V0Y2Fycy5jb22CFHd3dy50aGV3YXRjaHNp
    dGUuY29tghF3d3cudGlkYWxmaXNoLmNvbYIXd3d3LnRqY3J1aXNlcmZvcnVtcy5j
    b22CFXd3dy50a3VuZGVyZ3JvdW5kLmNvbYIXd3d3LnRyZWFkbWlsbHJldmlld3Mu
    Y2GCGHd3dy50cmVhZG1pbGxyZXZpZXdzLm5ldIIad3d3LnRyaXVtcGhib2JiZXJm
    b3J1bS5jb22CHHd3dy50cm9waWNhbC1maXNoLWNlbnRyZS5jb22CDXd3dy50cnVr
    eC5jb22CD3d3dy50cngyNTByLm5ldIIRd3d3LnR0Zm9ydW0uY28udWuCFHd3dy50
    dW5lcmZyaWVuZHMuY29tgg93d3cudHVydGxlcy5uZXSCEnd3dy50dzIwMGZvcnVt
    LmNvbYIVd3d3LnR3aW5nb2ZvcnVtLmNvLnVrghB3d3cudWstYXVkaXMubmV0ghB3
    d3cudWstbWtpdnMubmV0ghZ3d3cudXBzaWRlZG93bmRvZ3MuY29tMIH+BgNVHSAE
    gfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYa
    aHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhp
    cyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5n
    IFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZp
    Y2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVw
    b3NpdG9yeS8wggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgDbdK/uyynssf7KPnFt
    LOW5qrs294Rxg8ddnU83th+/ZAAAAWQeooYYAAAEAwBHMEUCIFxnKFUuaPyx0se1
    mKydbhwBmkEa59iCaPSWoxuix1RNAiEAyDEMhjO4jJLSYEox48qAsrAjRKjLCtwT
    zxXS0Rz37QEAdwApPFGWVMg5ZbqqUPxYB9S3b79Yeily3KTDDPTlRUf0eAAAAWQe
    ooYuAAAEAwBIMEYCIQDoaaFFMS7gT+prJaz/F482OgZzxEGPWP5fon3SMn8nmAIh
    AMgy+hf5/VlEhaqevxIlnE6mkkF7nbM//VNAXLtmngnOMA0GCSqGSIb3DQEBCwUA
    A4IBAQB0T7rnFPYrxoub44v13oatDG65gmWRoJOa3eGEkcT8Bop5gPfMSUmz/X9a
    eYOruWLHr6d+ALncpcjArOeolRUIJBpeGHFHVAvcypmYUVJ8ulVTawWgrCeDcJCU
    q4N1ywVcYckMhDpVlMwtnlQMBqIwIXvVjKepT7EqjYIJRz/zRdzKTVGZAyIAOWNA
    MHLKOy7InobnilF+geSlM7V+rhgqUJM/li9Vrny7rSqqk+SI5o6SYhxhqMcQYpeA
    d8nMnTvJYKVxKBeBMEf1JRUtA2W79i6ulMjcKpTZ6kYkYaCOMoU4WvaJuZ54O09x
    mTzeBj58txmquCVxlJysL1NUvVir
    -----END CERTIFICATE-----
    subject=/CN=subaruxvforum.com
    issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 5119 bytes and written 416 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES128-GCM-SHA256
        Session-ID: EB4FB3F6C7646FB612FD5607985DB3D35F631E89DA9FECCCCFF500573EAA1E6F
        Session-ID-ctx: 
        Master-Key: 35252861C1FE20284F86ABD3EB432C99D2F705026C0C46160DF64C79CF34CB054FD8461668A70EAD7D996EE0472A09BF
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 100800 (seconds)
        TLS session ticket:
        0000 - 00 bc 94 03 51 71 67 ae-14 dc ad b6 f4 d9 36 ec   ....Qqg.......6.
        0010 - 29 10 8e 87 d5 35 82 68-6f f1 fb 29 02 56 1a 5d   )....5.ho..).V.]
        0020 - 6d 98 4f 39 21 c2 f2 c4-bc 01 f3 55 7e e2 b8 0c   m.O9!......U~...
        0030 - 0c 3f 51 92 b7 40 be fa-3d 9e e7 b1 4e b0 56 fb   [email protected]=...N.V.
        0040 - 11 f6 04 f8 b5 d1 28 c4-73 3d ee fe 1c e0 c1 d7   ......(.s=......
        0050 - a7 a8 4a 64 26 f8 34 9a-89 9e 5e 31 6b 91 48 e0   ..Jd&.4...^1k.H.
        0060 - 77 50 19 27 d1 3e 19 27-70 b5 70 0f a9 3d 8d 30   wP.'.>.'p.p..=.0
        0070 - b4 b1 33 4b 0f f6 b1 a9-6a f6 fd 20 7a 1f d0 ea   ..3K....j.. z...
        0080 - 12 69 72 75 a9 23 e9 8a-35 c5 a8 5e 3a af 1f b9   .iru.#..5..^:...
        0090 - af fc c7 63 a3 65 97 60-04 18 57 a2 04 32 92 9a   ...c.e.`..W..2..
        00a0 - 07 6c 30 07 e0 14 f2 d0-57 8e 2b e7 17 51 9e 2e   .l0.....W.+..Q..
        00b0 - 79 d8 bb 23 df 5b b9 8f-5e 87 1b e8 7f c4 b3 0d   y..#.[..^.......
        00c0 - 05 ab 3c 8f d1 dc 36 df-af 96 91 ae 0f 1e d8 6b   ..<...6........k
        00d0 - 26 02 91 14 d6                                    &....
    
        Start Time: 1533069158
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---

  2. #2
    Super Moderator Purple's Avatar
    Join Date
    Mar 2015
    Location
    Ynys Môn
    Posts
    4,586
    Goes with being on the cloud - so now we get a little green padlock in the address bar ....
    (Warning - Forum may contain nuts) ...... Hidden Content

    TW200 - 1998 - Japanese import - 7000 miles on the clock - TW225 Special Edition 2007
    - Hidden Content

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jan 2018
    Posts
    313
    Odd, I have a couple hundred sites in "the cloud", and none of mine have that problem.

  4. Remove Advertisements
    TW200Forum.com
    Advertisements
     

  5. #4
    Super Moderator JerseyJeeper's Avatar
    Join Date
    Mar 2011
    Location
    NJ Shore / Pine Barrens
    Posts
    3,880
    Actually: It's a legit cert, odd but legit

    Common name: subaruxvforum.com
    SANs: subaruxvforum.com, subiecalendar.com, supermotojunkie.com, suzuki-bikes.com, suzuki-forums.com, suzukiatvforums.com, sybermoms.com, t-rocforum.com, t-shirtforums.com, talkaboutmarriage.com, talkparrotlets.com, taurusarmed.net, taurusclub.com, tennisforum.com, tennspeed.net, thecombineforum.com, thedieselgarage.com, thefirearmblog.com, thegalaxytabforum.com, thegrandtourforum.com, thepullingplace.com, thesupraforums.com, thetruthaboutcars.com, thewatchsite.com, tidalfish.com, tjcruiserforums.com, tkunderground.com, treadmillreviews.ca, treadmillreviews.net, triumphbobberforum.com, tropical-fish-centre.com, trukx.com, trx250r.net, ttforum.co.uk, tunerfriends.com, turtles.net, tw200forum.com, twingoforum.co.uk, uk-audis.net, uk-mkivs.net, upsidedowndogs.com, www.subaruxvforum.com, www.subiecalendar.com, www.supermotojunkie.com, www.suzuki-bikes.com, www.suzuki-forums.com, www.suzukiatvforums.com, www.sybermoms.com, www.t-rocforum.com, www.t-shirtforums.com, www.talkaboutmarriage.com, www.talkparrotlets.com, www.taurusarmed.net, www.taurusclub.com, www.tennisforum.com, www.tennspeed.net, www.thecombineforum.com, www.thedieselgarage.com, www.thefirearmblog.com, www.thegalaxytabforum.com, www.thegrandtourforum.com, www.thepullingplace.com, www.thesupraforums.com, www.thetruthaboutcars.com, www.thewatchsite.com, www.tidalfish.com, www.tjcruiserforums.com, www.tkunderground.com, www.treadmillreviews.ca, www.treadmillreviews.net, www.triumphbobberforum.com, www.tropical-fish-centre.com, www.trukx.com, www.trx250r.net, www.ttforum.co.uk, www.tunerfriends.com, www.turtles.net, www.tw200forum.com, www.twingoforum.co.uk, www.uk-audis.net, www.uk-mkivs.net, www.upsidedowndogs.com
    Valid from June 20, 2018 to September 18, 2018
    Serial Number: 03f22bdc91d98ce98b174832cf54464d1db0
    Signature Algorithm: sha256WithRSAEncryption
    Issuer: Let's Encrypt Authority X3
    Husqvarna TE300i Fuel Injected 2-Stroke 2019
    Yamaha XT225 - 1999 Serow
    Yamaha TW200Z - 2010
    Yamaha BW200 Electric Start! - 1986
    Yamaha TTR225R - 2003
    Husqvarna 701 Enduro - 2017
    Kawasaki Prairie 650 - 2002

  6. #5
    Super Moderator JerseyJeeper's Avatar
    Join Date
    Mar 2011
    Location
    NJ Shore / Pine Barrens
    Posts
    3,880
    It's a multi-domain SAN Cert.. i.e.,:
    https://www.digicert.com/subject-alternative-name.htm
    Husqvarna TE300i Fuel Injected 2-Stroke 2019
    Yamaha XT225 - 1999 Serow
    Yamaha TW200Z - 2010
    Yamaha BW200 Electric Start! - 1986
    Yamaha TTR225R - 2003
    Husqvarna 701 Enduro - 2017
    Kawasaki Prairie 650 - 2002

  7. #6
    Super Moderator JerseyJeeper's Avatar
    Join Date
    Mar 2011
    Location
    NJ Shore / Pine Barrens
    Posts
    3,880
    Husqvarna TE300i Fuel Injected 2-Stroke 2019
    Yamaha XT225 - 1999 Serow
    Yamaha TW200Z - 2010
    Yamaha BW200 Electric Start! - 1986
    Yamaha TTR225R - 2003
    Husqvarna 701 Enduro - 2017
    Kawasaki Prairie 650 - 2002

  8. #7
    Senior Member nihil's Avatar
    Join Date
    Jan 2018
    Posts
    313
    Historically, SAN done properly identifies itself as the addressed FQDN. I haven't played with Lets Encrypt though, all my certs are commercial (contractual requirement). One would think that with a free cert vendor like LE, SAN would be unnecessary and each domain would have its own individual cert. My browser went from seeing it as trusted (green lock) to untrusted (lock with red slash), which is what sparked this thread.
    Last edited by nihil; 08-01-2018 at 11:00 AM. Reason: typo
    JerseyJeeper likes this.

  9. #8
    Senior Member Nicoradv's Avatar
    Join Date
    Mar 2018
    Location
    North East Texas
    Posts
    167
    With the number of changes that have gone on with in a very short while, i does not surprise me it is rejected.

    Is multi domain certs still valid?
    I am not sure they are.

    One thing that ticked me off is I can no longer get an SSL for LAN IP.
    JerseyJeeper likes this.
    If a bike is plated, it's suppose to be ridden, not hauled on a trailer.
    2002 DR650SE, 2001 TW200

  10. #9
    Senior Member nihil's Avatar
    Join Date
    Jan 2018
    Posts
    313
    Multidomain certs are still technically legitimate, but they're frowned upon. You can roll self signed certs for anything you want, and if you don't want to be prompted to accept them (internal business service with multiple users for instance), you can import your in-house CA into the browser trust chain. Doing production things by IP is kinda halfassed though, set up some DNS

  11. #10
    Senior Member Nicoradv's Avatar
    Join Date
    Mar 2018
    Location
    North East Texas
    Posts
    167
    Quote Originally Posted by nihil View Post
    Multidomain certs are still technically legitimate, but they're frowned upon. You can roll self signed certs for anything you want, and if you don't want to be prompted to accept them (internal business service with multiple users for instance), you can import your in-house CA into the browser trust chain. Doing production things by IP is kinda halfassed though, set up some DNS
    Agree on the DNS. It would have to router capable of it. Which is the problem.
    Actually agree on the self-signed if used in-houise.
    If a bike is plated, it's suppose to be ridden, not hauled on a trailer.
    2002 DR650SE, 2001 TW200

Page 1 of 2 12 LastLast

Sponosred Links

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Similar Threads

  1. Brand new TW200 with the clutch spring issue.
    By invisibledove in forum Technical Help
    Replies: 29
    Last Post: 02-12-2018, 11:39 AM
  2. Replies: 8
    Last Post: 01-11-2014, 03:18 PM
  3. Alternator / Generator / Battery issue
    By MarcusPotts in forum Technical Help
    Replies: 8
    Last Post: 01-10-2012, 03:47 AM
  4. Front sprocket issue
    By SRTeric in forum Technical Help
    Replies: 5
    Last Post: 06-07-2011, 11:36 AM
  5. 91 tw charging issue
    By mike438 in forum Technical Help
    Replies: 5
    Last Post: 03-13-2011, 08:25 PM