
Registered · 336 Posts · Discussion Starter #1
So along with all the rest of the technical oddities lately, I'm getting an SSL certificate from subaruxvforum.com when browsing here... Just a heads up.

Code:
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = subaruxvforum.com
verify return:1
---
Certificate chain
 0 s:/CN=subaruxvforum.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
subject=/CN=subaruxvforum.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
---
SSL handshake has read 5119 bytes and written 416 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: EB4FB3F6C7646FB612FD5607985DB3D35F631E89DA9FECCCCFF500573EAA1E6F
    Session-ID-ctx: 
    Master-Key: 35252861C1FE20284F86ABD3EB432C99D2F705026C0C46160DF64C79CF34CB054FD8461668A70EAD7D996EE0472A09BF
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)

    Start Time: 1533069158
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
 

Super Moderator · 4,046 Posts
Actually: It's a legit cert, odd but legit

Common name: subaruxvforum.com
SANs: subaruxvforum.com, subiecalendar.com, supermotojunkie.com, suzuki-bikes.com, suzuki-forums.com, suzukiatvforums.com, sybermoms.com, t-rocforum.com, t-shirtforums.com, talkaboutmarriage.com, talkparrotlets.com, taurusarmed.net, taurusclub.com, tennisforum.com, tennspeed.net, thecombineforum.com, thedieselgarage.com, thefirearmblog.com, thegalaxytabforum.com, thegrandtourforum.com, thepullingplace.com, thesupraforums.com, thetruthaboutcars.com, thewatchsite.com, tidalfish.com, tjcruiserforums.com, tkunderground.com, treadmillreviews.ca, treadmillreviews.net, triumphbobberforum.com, tropical-fish-centre.com, trukx.com, trx250r.net, ttforum.co.uk, tunerfriends.com, turtles.net, tw200forum.com, twingoforum.co.uk, uk-audis.net, uk-mkivs.net, upsidedowndogs.com, www.subaruxvforum.com, www.subiecalendar.com, www.supermotojunkie.com, www.suzuki-bikes.com, www.suzuki-forums.com, www.suzukiatvforums.com, www.sybermoms.com, www.t-rocforum.com, www.t-shirtforums.com, www.talkaboutmarriage.com, www.talkparrotlets.com, www.taurusarmed.net, www.taurusclub.com, www.tennisforum.com, www.tennspeed.net, www.thecombineforum.com, www.thedieselgarage.com, www.thefirearmblog.com, www.thegalaxytabforum.com, www.thegrandtourforum.com, www.thepullingplace.com, www.thesupraforums.com, www.thetruthaboutcars.com, www.thewatchsite.com, www.tidalfish.com, www.tjcruiserforums.com, www.tkunderground.com, www.treadmillreviews.ca, www.treadmillreviews.net, www.triumphbobberforum.com, www.tropical-fish-centre.com, www.trukx.com, www.trx250r.net, www.ttforum.co.uk, www.tunerfriends.com, www.turtles.net, www.tw200forum.com, www.twingoforum.co.uk, www.uk-audis.net, www.uk-mkivs.net, www.upsidedowndogs.com
Valid from June 20, 2018 to September 18, 2018
Serial Number: 03f22bdc91d98ce98b174832cf54464d1db0
Signature Algorithm: sha256WithRSAEncryption
Issuer: Let's Encrypt Authority X3
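
Why a certificate whose CN is subaruxvforum.com still validates for this site, shown as an added example that is not part of the original posts: clients match the requested hostname against the SAN dNSName entries and ignore the CN when any are present (RFC 6125). The function names are hypothetical, the name list is a subset of the SANs quoted above, and the wildcard handling goes beyond this certificate, which has no wildcard entries.

```python
# Added example: hostname check against a certificate's SAN dNSName entries,
# following the RFC 6125 rules. SAN_DNS_NAMES is a constructed subset of the
# SAN list quoted in the thread.
SAN_DNS_NAMES = [
    "subaruxvforum.com", "suzuki-forums.com", "tw200forum.com",
    "www.subaruxvforum.com", "www.tw200forum.com",
]
SUBJECT_CN = "subaruxvforum.com"  # depth=0 CN from the s_client output


def _name_match(pattern, host):
    """Match one dNSName against a hostname (both already lowercased)."""
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never covers more than one label
    if p_labels[0] == "*":
        # Wildcard is honoured only as the whole left-most label and never
        # directly under a top-level domain ("*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def hostname_matches(host, san_dns_names, subject_cn=""):
    """Return True if the certificate covers host.

    If the certificate carries any SAN dNSName, the subject CN is not
    consulted at all; the CN is only a legacy fallback for SAN-less certs.
    """
    host = host.rstrip(".").lower()
    names = [n.lower() for n in san_dns_names]
    if not names and subject_cn:
        names = [subject_cn.lower()]
    return any(_name_match(n, host) for n in names)


if __name__ == "__main__":
    for h in ("tw200forum.com", "www.tw200forum.com", "forum.tw200forum.com"):
        print(h, hostname_matches(h, SAN_DNS_NAMES, SUBJECT_CN))
```
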
 

Registered · 336 Posts · Discussion Starter #7 (Edited)
Historically, SAN done properly identifies itself as the addressed FQDN. I haven't played with Let's Encrypt though, all my certs are commercial (contractual requirement). One would think that with a free cert vendor like LE, SAN would be unnecessary and each domain would have its own individual cert. My browser went from seeing it as trusted (green lock) to untrusted (lock with red slash), which is what sparked this thread.
 

Registered · 167 Posts
With the number of changes that have gone on within a very short while, it does not surprise me it is rejected.

Are multi-domain certs still valid?
I am not sure they are.

One thing that ticked me off is I can no longer get an SSL for LAN IP.
 

Registered · 336 Posts · Discussion Starter #9
Multidomain certs are still technically legitimate, but they're frowned upon. You can roll self signed certs for anything you want, and if you don't want to be prompted to accept them (internal business service with multiple users for instance), you can import your in-house CA into the browser trust chain. Doing production things by IP is kinda halfassed though, set up some DNS :)
 

Registered · 167 Posts
> Multidomain certs are still technically legitimate, but they're frowned upon. You can roll self signed certs for anything you want, and if you don't want to be prompted to accept them (internal business service with multiple users for instance), you can import your in-house CA into the browser trust chain. Doing production things by IP is kinda halfassed though, set up some DNS :)

Agree on the DNS. It would have to be a router capable of it. Which is the problem.
Actually agree on the self-signed if used in-house.
 

Registered · 336 Posts · Discussion Starter #11
You can run DNS on most anything. Some folks run DNSMasq on a cheap Raspberry Pi (be prepared to burn up microSD cards once or twice a year with all the I/O from a cache). Personally I prefer DJBDNS on more substantial hardware, but that's a bit more than anyone outside an enterprise environment needs.
 

Administrator · 412 Posts
As noted, the SSL cert is valid but showing the first site in the list of all those on the same server. However, on Win10/Chrome, my Secure note is showing correctly. If yours is showing as https with a red line through it, please screenshot it and the certificate and I'll escalate this up to look into.

What browser is this on?

- JB
 

Registered · 167 Posts
> As noted, the SSL cert is valid but showing the first site in the list of all those on the same server. However, on Win10/Chrome, my Secure note is showing correctly. If yours is showing as https with a red line through it, please screenshot it and the certificate and I'll escalate this up to look into.
>
> What browser is this on?
>
> - JB

The error I am getting is because of calling http: for some of the addresses in the page (IE).
"only display secure content"

Is actually a cross-domain error in that.

I have never used the prefix of http for the following before

http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd
http://www.w3.org/1999/xhtml

The others in there are trapped to https
 

Administrator · 412 Posts
> The error I am getting is because of calling http: for some of the addresses in the page (IE).
> "only display secure content"
>
> Is actually a cross-domain error in that.
>
> I have never used the prefix of http for the following before
>
> http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd
> http://www.w3.org/1999/xhtml
>
> The others in there are trapped to https

Give this a try
Tools>Internet Options>Security tab>Custom Level button>Display Mixed Content>Enable (was set to "Prompt")

Ed
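
For tracking down what triggers an "only display secure content" prompt, here is an added example (not part of the original posts) that scans a page for subresources actually fetched over plain http. A DOCTYPE system identifier or an xmlns URI is an identifier the browser does not download, so those are reported separately. The class name, the attribute table and the sample markup with its .example hosts are constructed for illustration.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs whose URL the browser fetches as a subresource.
FETCHED = {
    ("script", "src"), ("img", "src"), ("iframe", "src"), ("embed", "src"),
    ("audio", "src"), ("video", "src"), ("source", "src"), ("object", "data"),
}


class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.insecure = []  # (tag, attr, url) loaded over plain http
        self.ignored = []   # http:// identifiers that are never fetched

    def handle_decl(self, decl):
        if "http://" in decl:  # DOCTYPE system identifier (the DTD URL)
            self.ignored.append(("doctype", decl))

    def handle_starttag(self, tag, attrs):
        attrs = [(k, v or "") for k, v in attrs]
        rel = set(dict(attrs).get("rel", "").lower().split())
        for name, value in attrs:
            if not value.lower().startswith("http://"):
                continue
            fetched = (tag, name) in FETCHED or (
                tag == "link" and name == "href"
                and rel & {"stylesheet", "icon", "preload"})
            if fetched:
                self.insecure.append((tag, name, value))
            elif name == "xmlns" or name.startswith("xmlns:"):
                self.ignored.append((name, value))  # namespace name only


def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner


# Constructed sample page; hosts under .example are placeholders.
SAMPLE = '''<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<link rel="stylesheet" href="https://forum.example/style.css">
<script src="http://ads.example/banner.js"></script></head>
<body><a href="http://other.example/">link</a>
<img src="http://img.example/avatar.png"></body></html>'''
```
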
 