[Info-vax] eight-cubed.com unreacheble
Neil Rieck
n.rieck at bell.net
Sat Jul 1 06:51:59 EDT 2023
On Friday, June 30, 2023 at 8:25:48 AM UTC-4, Craig A. Berry wrote:
> On 6/30/23 1:02 AM, Peter Skoog wrote:
Testing a little further: notice that the canonical name (CN) used by this site is "www.ftp.eight-cubed.com" (could the "ftp" be some sort of typo?)
Anyway, most sites today only contain two URLs (eg. host.domain and www.host.domain)
If you intend to support more left-side variants then they need to be on the certificate as well or you must use a wildcard.
openssl s_client -connect eight-cubed.com:443 -showcerts
CONNECTED(000001BC)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = www.ftp.eight-cubed.com
verify return:1
---
Certificate chain
0 s:CN = www.ftp.eight-cubed.com
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: May 21 12:47:27 2023 GMT; NotAfter: Aug 19 12:47:26 2023 GMT
-----BEGIN CERTIFICATE-----
MIIGXDCCBUSgAwIBAgISA0ce6yoh0e9tgEcCDPdQp00iMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
bla...bla..bla...
(2) this command does not appear to handshake properly:
openssl s_client -connect eight-cubed.com:443 -tls1_3
(the transaction dangles when tested from: OpenSSL 3.1.0 14 Mar 2023)
(3) this command does connect properly:
openssl s_client -connect eight-cubed.com:443 -tls1_2
but then typing:
GET / HTTP/1.0<enter>
<enter>
returns a 320 error so I think we're are seeing a misconfigured site.
Neil Rieck
Waterloo, Ontario, Canada.
http://neilrieck.net
http://neilrieck.net/OpenVMS.html
More information about the Info-vax
mailing list