qone8 הותקן אצלי בטעות ואני לא מצליח להעיף אותו

אצלי https לשרת הנ"ל תקין בפיירפוקס... (יש לציין שאני מריץ גירסה אחרונה שלו... מצד שני, אולי פעם אישרתי להם להתקין את התעודה? לא מתאים לי, אבל מצד שני, אני מראש לא סומך על אתר שאני רואה בדפיו את הסיומת aspx... אני לא צריך את האזהרה בכניסה, אז אולי כן עשיתי את זה...)

מה שכן, כשבודקים עם openssl גם יש אזהרה (שאין, למשל, על פרש...)

של המוסד:

$ openssl s_client -connect www.mossad.gov.il:443
CONNECTED(00000003)
depth=0 C = IL, ST = Israel, L = Jerusalem, O = Ministry of Finance, OU = Tehila, OU = Terms of use at www.comsign.co.il/rpa (c) 04, OU = Authenticated by ComSign Ltd., OU = "Member, VeriSign Trust Network", CN = www.mossad.gov.il
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = IL, ST = Israel, L = Jerusalem, O = Ministry of Finance, OU = Tehila, OU = Terms of use at www.comsign.co.il/rpa (c) 04, OU = Authenticated by ComSign Ltd., OU = "Member, VeriSign Trust Network", CN = www.mossad.gov.il
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = IL, ST = Israel, L = Jerusalem, O = Ministry of Finance, OU = Tehila, OU = Terms of use at www.comsign.co.il/rpa (c) 04, OU = Authenticated by ComSign Ltd., OU = "Member, VeriSign Trust Network", CN = www.mossad.gov.il
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=IL/ST=Israel/L=Jerusalem/O=Ministry of Finance/OU=Tehila/OU=Terms of use at www.comsign.co.il/rpa (c) 04/OU=Authenticated by ComSign Ltd./OU=Member, VeriSign Trust Network/CN=www.mossad.gov.il
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGEDCCBPigAwIBAgIQGUwOt4SHfz77WQ2tMTugYTANBgkqhk iG9w0BAQUFADCB
vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbm MuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZX JtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMD E2MDQGA1UEAxMt
VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlci BDQSAtIEczMB4X
DTEyMTEwNDAwMDAwMFoXDTE0MTEwNDIzNTk1OVowggEFMQswCQ YDVQQGEwJJTDEP
MA0GA1UECBMGSXNyYWVsMRIwEAYDVQQHFAlKZXJ1c2FsZW0xHD AaBgNVBAoUE01p
bmlzdHJ5IG9mIEZpbmFuY2UxDzANBgNVBAsUBlRlaGlsYTE1MD MGA1UECxMsVGVy
bXMgb2YgdXNlIGF0IHd3dy5jb21zaWduLmNvLmlsL3JwYSAoYy kgMDQxJjAkBgNV
BAsTHUF1dGhlbnRpY2F0ZWQgYnkgQ29tU2lnbiBMdGQuMScwJQ YDVQQLEx5NZW1i
ZXIsIFZlcmlTaWduIFRydXN0IE5ldHdvcmsxGjAYBgNVBAMUEX d3dy5tb3NzYWQu
Z292LmlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQ EAs95CJ2Eg2KOc
wj7anEACY0o+wUn/1tC0FWDJDCa6wSWQpuw/u4MhzG652bXYWjthlPaNEyLzTaPa
cAG+6xZ8p78tSVbtydTlPuNZEoQwugQ2BYmFMVe0h8zeNq6XoJ cyuGM2AymrH8zw
/mj00YRCJRYH/guoRgAXpXEsnSjBZQcjQ8XTKx48GPaYoJgx5hfEZe2BuWN5hiK k
XBf6V+py8zUXTn2AfdBGpnKiXOxV0Ye1ZpMO4eXpk9Qzu0Z5Ca Mhm+17VGUu6qh1
SuIzwXeVjxZhgmb9XTJ1TB+KQuJXf8DDhnaUZM+Rt4fIYChZh0 /NETTk4j9IQGWX
K9QDaBzHKQIDAQABo4IBwDCCAbwwCQYDVR0TBAIwADALBgNVHQ 8EBAMCBaAwRQYD
VR0gBD4wPDA6BgtghkgBhvhFAQcXAzArMCkGCCsGAQUFBwIBFh 1odHRwczovL3d3
dy5jb21zaWduLmNvLmlsL3JwYTBBBgNVHR8EOjA4MDagNKAyhj BodHRwOi8vU1ZS
SW50bC1HMy1jcmwudmVyaXNpZ24uY29tL1NWUkludGxHMy5jcm wwNAYDVR0lBC0w
KwYIKwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhCBAEGCisGAQ QBgjcKAwMwcgYI
KwYBBQUHAQEEZjBkMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC 52ZXJpc2lnbi5j
b20wPAYIKwYBBQUHMAKGMGh0dHA6Ly9TVlJJbnRsLUczLWFpYS 52ZXJpc2lnbi5j
b20vU1ZSSW50bEczLmNlcjBuBggrBgEFBQcBDARiMGChXqBcMF owWDBWFglpbWFn
ZS9naWYwITAfMAcGBSsOAwIaBBRLa7kolgYMu9BSOJsprEsHiy EFGDAmFiRodHRw
Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvMS5naWYwDQYJKo ZIhvcNAQEFBQAD
ggEBAJkrFdCTL2Ym8amjBq/YvGQeocAhSNRMIySbdjxUn1y4jVh/mGTDjJycg1JQ
D62r23WwXBAwrxf5y+d9m0ZM6HNifI5suF8v8nW8Jz4x0VZa84 VPr1vxdxX2ujRs
oWF36L1IRFIA0TR4MjktcSzlscTWJQU1Ereus488C6ok6dwJzb SG2GPLdQFqoSFg
LXx+C9Zn4JKv1F0G/AemfozokeERo8/USZwJHGHyE4vwSuWaOnsAotagsHQVvrii
b5gvCsNVMqBHqyZuotwN45uzLGhajlRRUHnfGVuhlpvg1E0Tss 8O3/3glYo93+np
XjgTEPsAmXvXtESIgy7OhQGiWm4=
-----END CERTIFICATE-----
subject=/C=IL/ST=Israel/L=Jerusalem/O=Ministry of Finance/OU=Tehila/OU=Terms of use at www.comsign.co.il/rpa (c) 04/OU=Authenticated by ComSign Ltd./OU=Member, VeriSign Trust Network/CN=www.mossad.gov.il
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 1700 bytes and written 835 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID: 13000000290ED0AFBCEF8B45AE25CA2487F807BC81E35F1C57 423F78F054251D
Session-ID-ctx:
Master-Key: 9CC91E4C33F15A517D2D6702D57C9116E7411425B498807AF5 28FD68497E7FC6730A90F0376F20D1FA4CCB51158EEFA1
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1400091990
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---

של פרש:

$ openssl s_client -connect www.fresh.co.il:443
CONNECTED(00000003)
depth=2 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certificates.godaddy.com/repository, CN = Go Daddy Secure Certification Authority, serialNumber = 07969287
verify return:1
depth=0 O = www.fresh.co.il, OU = Domain Control Validated, CN = www.fresh.co.il
verify return:1
---
Certificate chain
0 s:/O=www.fresh.co.il/OU=Domain Control Validated/CN=www.fresh.co.il
i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIHJ4TlKsvckDANBgkqhkiG9w0BAQUFAD CByjELMAkGA1UE
BhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3 R0c2RhbGUxGjAY
BgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodH RwOi8vY2VydGlm
aWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBA MTJ0dvIERhZGR5
IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1 UEBRMIMDc5Njky
ODcwHhcNMTIwNjA1MDYzMzE1WhcNMTcwNjA1MDYzMzE1WjBXMR gwFgYDVQQKDA93
d3cuZnJlc2guY28uaWwxITAfBgNVBAsMGERvbWFpbiBDb250cm 9sIFZhbGlkYXRl
ZDEYMBYGA1UEAwwPd3d3LmZyZXNoLmNvLmlsMIIBIjANBgkqhk iG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAtiKEAesowVNr36mmy9iTdqywVc2A+2BTdG /xYhPdKWanOp3N
ITtDtfEZGPzSNnCvnHa0G/fskUCjSDeAEDMFKaTqBazcTC7fIagSVUvPeHMqOx7k
VRoxgT95WsjoJRvZ7Xxor0WVEd9SxDSwyhFzsuhOGUirKIcZ0K Lkf0fHzGfnWHkY
fMqOM48zrskZOvWNskcSKPD7epQDfVRjs19u89rFuJDb4IfN+t e2wVbFvlkQMgGm
uXj6DYOLnNAktz+4lkKfWQYu+YZAsVUd6vUUo9/3A7OVP54mjHYnKjlYnnclmgIy
XbPtxa0/10if0mKW/tXety82A5ArC2TJDBjFFwIDAQABo4IBujCCAbYwDwYDVR0T
AQH/BAUwAwEBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAw IwDgYDVR0P
AQH/BAQDAgWgMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ2 9kYWRkeS5j
b20vZ2RzMS03MS5jcmwwUwYDVR0gBEwwSjBIBgtghkgBhv1tAQ cXATA5MDcGCCsG
AQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY2 9tL3JlcG9zaXRv
cnkvMIGABggrBgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dH A6Ly9vY3NwLmdv
ZGFkZHkuY29tLzBKBggrBgEFBQcwAoY+aHR0cDovL2NlcnRpZm ljYXRlcy5nb2Rh
ZGR5LmNvbS9yZXBvc2l0b3J5L2dkX2ludGVybWVkaWF0ZS5jcn QwHwYDVR0jBBgw
FoAU/axhMpNsRdbi7oVfmrrndplozOcwJwYDVR0RBCAwHoIPd3d3LmZ yZXNoLmNv
LmlsggtmcmVzaC5jby5pbDAdBgNVHQ4EFgQUUBGQ99r6n3JSsj lmDtV87VHX918w
DQYJKoZIhvcNAQEFBQADggEBAEDoPLB3TCh5dJHwOc+yEhFyaY nCYCDj9W8Jkbz8
QLozhpXAKe1PJZjWSiLKDaEBCirrJAMPWeBXEV13LuI1toCEWZ 2+tLRiEqjCIqmT
QWex7EHs6NGzPxPXUBSTGqSedkS7FHJabBdP2owQmS9Lvc5B//EZp6gjAS0xJOtz
VNaGe0V/d5aXDO9r9+vC3SOqwJIgjX8iC6UgN5CeNNoGh57F68urE3FW0/vUluCN
ETmxP2Tg6PDgmtY0ogu39ggpq6v/eT14I8xjY9uCOnP52c7YdCpqLcoO5m/6YcVy
jRUvve9g6Q2GjRZuSFzMBgQrLGWgek90NoAyCGkbufYzaNc=
-----END CERTIFICATE-----
subject=/O=www.fresh.co.il/OU=Domain Control Validated/CN=www.fresh.co.il
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
---
No client certificate CA names sent
---
SSL handshake has read 4322 bytes and written 643 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 3CF5757F6BA429B8A2A3BF292C5067DEB1A1B39E3252B6F6BE 337B27A2127563
Session-ID-ctx:
Master-Key: F488BDB84DE4130490BAD1866C082491258AF67971C5F2E576 690E282B8B301AFC8C8761DB93895B825EE722FE729B8D
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - af f0 bf ee 16 af 86 52-87 29 8a 2a dd f7 40 54 .......R.).*..@T
0010 - ca 2f 02 92 ae 8d d5 a6-03 5c 32 bd 97 e7 24 70 ./.......\2...$p
0020 - a5 81 be 25 f5 62 7a 67-8f 2e 4d ce 63 a7 b3 0c ...%.bzg..M.c...
0030 - a2 90 79 87 86 ee d3 3f-14 75 a2 12 4f 34 52 7e ..y....?.u..O4R~
0040 - a1 92 6e c7 54 85 31 32-08 ab e8 7c 97 f8 df ff ..n.T.12...|....
0050 - 01 87 28 db 26 8b c0 36-5a 10 ea 7c 89 8c 3a 79 ..(.&..6Z..|..:y
0060 - c2 c7 a6 7e 05 a9 09 c2-9f cb 77 5f 07 47 d3 1d ...~......w_.G..
0070 - 50 90 c6 91 29 e0 7b 8e-d0 d6 73 6f 4b 0e d1 77 P...).{...soK..w
0080 - 46 a0 e9 0f 14 cb 6e 91-8b d0 15 a0 22 26 15 cc F.....n....."&..
0090 - ad bd 87 e8 7d ea fc bc-70 e5 26 76 25 bb fd 2a ....}...p.&v%..*

Start Time: 1400092060
Timeout : 300 (sec)
Verify return code: 0 (ok)
---

מעניין... בשלוף הייתי אומר שהקינפוג של ה intermediate certificate בשרת שלהם דפוק...

נ.ב. הם גם לא תומכים ב secure renegotation... ובכללי תקועים ב TLS v1.0 ...

כלי אשכול	חפש באשכול זה
הצג גירסת הדפסה שלח דף זה ב E-Mail	חפש באשכול זה: חיפוש מתקדם
מצבי תצוגה	דרג אשכול זה
עבור למצב לינארי מצב כלאיים עבור למצב משורשר	דרג אשכול זה:

הדף נוצר ב 0.06 שניות עם 12 שאילתות
צור קשר - Fresh - למעלה