certificate - ubuntu
Last active March 7, 2022 16:09
problem - Ubuntu:
Cert does not work at all. When connecting to localhost the browser throws the Privacy Error screen with Chrome error NET::ERR_CERT_AUTHORITY_INVALID
---
certificate create steps:
openssl genpkey -algorithm RSA -out share-file-ca.key
openssl req -x509 -key share-file-ca.key -days 16384 -out share-file-ca.crt -subj "/CN=share-file-ca/O=share-file"
openssl genpkey -algorithm RSA -out share-file.key
openssl req -new -key share-file.key -out share-file.csr -subj "/CN=share-file/O=share-file"
openssl x509 -req -in share-file.csr -days 16384 -out share-file.crt -CA share-file-ca.crt -CAkey share-file-ca.key -CAcreateserial -extfile "C:\\Users\\austincheney\\share-file-systems\\lib\\certificate\\ca.cnf" -extensions x509_ext
config file: https://gist.github.com/prettydiff/79787166b034f0fe587f2204e9fb7702
---
ubuntu store commands:
sudo mkdir /usr/local/share/ca-certificates/extra
sudo cp ./share-file.crt /usr/local/share/ca-certificates/extra
sudo cp ./share-file-ca.crt /usr/local/share/ca-certificates/extra
sudo update-ca-certificates --fresh
---
OpenSSL verification command:
openssl s_client -connect localhost:443 -servername localhost -verify_return_error -CAfile .\share-file-ca.crt
---
OpenSSL verification output:
CONNECTED(00000003)
depth=1 CN = share-file-ca, O = share-file
verify return:1
depth=0 CN = share-file, O = share-file
verify return:1
---
Certificate chain
 0 s:CN = share-file, O = share-file
   i:CN = share-file-ca, O = share-file
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIUEJi05erE/aLhT1/2/25DW2FRgjEwDQYJKoZIhvcNAQEL
BQAwLTEWMBQGA1UEAwwNc2hhcmUtZmlsZS1jYTETMBEGA1UECgwKc2hhcmUtZmls
ZTAgFw0yMjAzMDcxNTUyMzFaGA8yMDY3MDExNDE1NTIzMVowKjETMBEGA1UEAwwK
c2hhcmUtZmlsZTETMBEGA1UECgwKc2hhcmUtZmlsZTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAM2IKlncYk5DxXvLXFJ+uPWAqQjKZ1pxDpGGj0n4wI9o
2EfZ6Zxe7oWOi8Sw0+NkOIgLVQ6Bxpu/E1sioEDd2X5RiQHwFGKgmc0dbQn6+VcJ
V1gseaJhxnTjrIaFNrt11ZpKpBytNt1nfJArMjl47Ld9Kfs8/CqLSlNOgZBZN2G4
Qof23zhjA4raYmf1KeGCH3lozmRUcYc/NacPJqB3DvpMkk7DqrTYs0ioSFfVOBR6
483Ycq3Hvem9j+6ld3DtRbrcZ1Y4PAYlVFDdMVmAYNUfdV+4s7Mdzkpsq2YR4ZSp
Ic/77GCx/XQxH3BxBgxBq2IMXAqCJm37y9nZ49rC3csCAwEAAaNjMGEwCQYDVR0T
BAIwADAdBgNVHQ4EFgQUvyRTIppc4KcivSpiK37hxyJDTpowHwYDVR0jBBgwFoAU
YlET5Ll2Ppmq2KiUCmzkb8N1t/UwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqG
SIb3DQEBCwUAA4IBAQCMtYfJpMbbsZSSn9aHfpCmG94qRbypQSxoqia8+vLDEoZj
Ng25yGUCJrcIGbS9MbRvFzGzzjliDVdZ1twcSO/WhSa+nOg03iFDFhuDJv3e7eOY
sRWPZ1RSvAHv+axnkx2kw/dXTP1689HZxze4uQZ7H64N+3tlyl0v7Wip1nMo10c+
lJoi8oKFzU2VAwz3Ytu/zGsZogAn18hc+ixKTVhvlqY0HmVce2WeEY+X7VNrpZ2C
DN27xhB/mCckMHPhqnsaSOYBqseaLOWweVGlvduZMJKJVLPpIJ4VkouGkw9/aEsY
vu5915Cb0S8C3bppt4DD2+Qv3LNTsB6L5wsCLqXZ
-----END CERTIFICATE-----
subject=CN = share-file, O = share-file
issuer=CN = share-file-ca, O = share-file
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1402 bytes and written 381 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
HTTP/1.0 403 Forbidden
Content-Type: text/plain
Unknown ALPN Protocol, expected `h2` to be available.
If this is a HTTP request: The server was not configured with the `allowHTTP1` option or a listener for the `unknownProtocol` event.
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: D1DC29B690347EF2E4304340BCCD15F3117B3165400CEC66A69D84D6078032A7
Session-ID-ctx:
Resumption PSK: A9F13C166091FBF6BD95E26048E3C80682ED75CE9681725D19E88D9D02AC934230066BAB05DBB8D87014577E58BC127F
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 85 15 d5 d2 0b 89 19 b8-d9 2d c5 7e 08 58 cd f6 .........-.~.X..
0010 - 61 8d f7 f8 a9 d5 c6 f7-81 c7 fe ba 80 72 29 b9 a............r).
0020 - 0b f6 92 64 fb 02 fe 8e-bf ec aa 3c 19 98 ac ad ...d.......<....
0030 - 42 c5 cf 7a 1e b0 d1 3a-e3 48 bc 33 86 69 0e 6e B..z...:.H.3.i.n
0040 - de b6 69 1a b2 97 6a 4f-c9 53 8e 71 b1 6e 16 c0 ..i...jO.S.q.n..
0050 - 32 e6 64 31 85 c3 86 75-ee 90 ac 32 94 6f 15 d4 2.d1...u...2.o..
0060 - 46 f1 af 9a 97 28 e3 c4-03 d9 b2 1c a7 23 f0 14 F....(.......#..
0070 - f9 59 f6 e1 f4 1d d0 ab-48 4d d0 3f 40 a9 91 91 .Y......HM.?@...
0080 - 4b fc 46 dc 7e da e8 b8-e5 e4 a0 de 8b 51 71 a2 K.F.~........Qq.
0090 - 79 5f b3 63 ad a1 9a 95-2a fb d6 df f6 8c 58 39 y_.c....*.....X9
00a0 - 66 78 f6 d1 8d 4d 9a 7d-77 e0 cd 07 bd 73 6f dc fx...M.}w....so.
00b0 - cd 09 e4 b6 34 65 95 ef-fa 18 79 9d d1 0d cd f2 ....4e....y.....
00c0 - 5e 29 bc 02 93 d3 fd 03-ec 8d 4f eb f7 c3 1e 5f ^)........O...._
00d0 - dc 6e b0 bc f8 26 89 e0-a3 06 9d 01 24 5e 7f b5 .n...&......$^..
00e0 - 5a fe 81 a1 e7 42 a6 f4-48 f5 65 66 5a 2d 16 c3 Z....B..H.efZ-..
Start Time: 1646668691
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: D3CBA8603ACF7434DADD744AF337B4A6B0119B83631E7232ECD235B786F7B6BF
Session-ID-ctx:
Resumption PSK: 3FB873F8B538BC8909DAB169E31D4EB3FA434AC3A1EB4F71B02C1F62A0ABE43D915E0DA8B2045706CF65B52777B2E0E6
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 85 15 d5 d2 0b 89 19 b8-d9 2d c5 7e 08 58 cd f6 .........-.~.X..
0010 - e0 b2 21 16 a7 55 aa 21-ff 11 a9 76 f3 02 de 67 ..!..U.!...v...g
0020 - 90 fd 9c 15 ac 7a e6 ea-7f 0d 3e f9 f7 2b 6a a8 .....z....>..+j.
0030 - 0c 89 22 39 9c c2 60 6f-b4 41 88 15 d3 e8 f1 48 .."9..`o.A.....H
0040 - a2 61 ec 47 19 d8 48 49-12 51 4e c8 f1 2b a8 82 .a.G..HI.QN..+..
0050 - d3 43 25 03 fb 2d 34 af-49 aa 23 28 c1 17 44 16 .C%..-4.I.#(..D.
0060 - b9 95 a6 a5 1d a7 47 24-72 42 61 33 b4 4f 8e 57 ......G$rBa3.O.W
0070 - f2 29 a6 79 9d ad fe ac-4b d8 8a 71 9d 9e ee 8a .).y....K..q....
0080 - 27 29 31 6f 3b 6c 55 91-58 0a 84 65 55 60 2b 6d ')1o;lU.X..eU`+m
0090 - 83 d0 9f 12 7d 6e 21 be-a3 fb 96 a9 fd 43 6f 58 ....}n!......CoX
00a0 - 4c a6 49 12 46 0a c8 0d-f2 56 b3 a7 b6 b1 24 64 L.I.F....V....$d
00b0 - 21 12 5c 1a 4f b4 b8 b7-83 84 52 11 6e 91 4c 74 !.\.O.....R.n.Lt
00c0 - b0 5a 76 93 b2 b2 f9 4f-ac 65 55 e7 58 d6 83 86 .Zv....O.eU.X...
00d0 - ad bb be 81 c3 60 5f 8f-00 7d ad 21 a1 7c 1c 92 .....`_..}.!.|..
00e0 - 8d d2 9f ac c1 2b e5 44-3d 66 33 14 7c ae 95 c7 .....+.D=f3.|...
Start Time: 1646668691
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
read:errno=0
---
OpenSSL verification command:
openssl s_client -connect localhost:443 -servername localhost -verify_return_error -CAfile .\share-file.crt
---
OpenSSL verification output:
CONNECTED(00000003)
depth=0 CN = share-file, O = share-file
verify error:num=20:unable to get local issuer certificate
140128422110528:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1913:
---
no peer certificate available
---
No client certificate CA names sent
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1042 bytes and written 308 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
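Both verification results above, and the choice of what to copy into the CA store, follow from fields inside the server certificate itself: whether it carries a subjectAltName for the host being visited, whether basicConstraints marks it as a CA, and whether it is self-signed. The following is an added example, not code from the gist or from the share-file project: a stdlib-only Python DER walker that parses the PEM printed by the first s_client run above (copied verbatim) and reports exactly those fields. The helper names (parse_certificate, hostname_matches, can_anchor_trust) are this example's own; it needs no third-party library.

```python
import base64
import re

# Added example: server certificate copied verbatim from the first `openssl s_client` run above.
SHARE_FILE_PEM = """-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIUEJi05erE/aLhT1/2/25DW2FRgjEwDQYJKoZIhvcNAQEL
BQAwLTEWMBQGA1UEAwwNc2hhcmUtZmlsZS1jYTETMBEGA1UECgwKc2hhcmUtZmls
ZTAgFw0yMjAzMDcxNTUyMzFaGA8yMDY3MDExNDE1NTIzMVowKjETMBEGA1UEAwwK
c2hhcmUtZmlsZTETMBEGA1UECgwKc2hhcmUtZmlsZTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAM2IKlncYk5DxXvLXFJ+uPWAqQjKZ1pxDpGGj0n4wI9o
2EfZ6Zxe7oWOi8Sw0+NkOIgLVQ6Bxpu/E1sioEDd2X5RiQHwFGKgmc0dbQn6+VcJ
V1gseaJhxnTjrIaFNrt11ZpKpBytNt1nfJArMjl47Ld9Kfs8/CqLSlNOgZBZN2G4
Qof23zhjA4raYmf1KeGCH3lozmRUcYc/NacPJqB3DvpMkk7DqrTYs0ioSFfVOBR6
483Ycq3Hvem9j+6ld3DtRbrcZ1Y4PAYlVFDdMVmAYNUfdV+4s7Mdzkpsq2YR4ZSp
Ic/77GCx/XQxH3BxBgxBq2IMXAqCJm37y9nZ49rC3csCAwEAAaNjMGEwCQYDVR0T
BAIwADAdBgNVHQ4EFgQUvyRTIppc4KcivSpiK37hxyJDTpowHwYDVR0jBBgwFoAU
YlET5Ll2Ppmq2KiUCmzkb8N1t/UwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqG
SIb3DQEBCwUAA4IBAQCMtYfJpMbbsZSSn9aHfpCmG94qRbypQSxoqia8+vLDEoZj
Ng25yGUCJrcIGbS9MbRvFzGzzjliDVdZ1twcSO/WhSa+nOg03iFDFhuDJv3e7eOY
sRWPZ1RSvAHv+axnkx2kw/dXTP1689HZxze4uQZ7H64N+3tlyl0v7Wip1nMo10c+
lJoi8oKFzU2VAwz3Ytu/zGsZogAn18hc+ixKTVhvlqY0HmVce2WeEY+X7VNrpZ2C
DN27xhB/mCckMHPhqnsaSOYBqseaLOWweVGlvduZMJKJVLPpIJ4VkouGkw9/aEsY
vu5915Cb0S8C3bppt4DD2+Qv3LNTsB6L5wsCLqXZ
-----END CERTIFICATE-----"""

OID_CN, OID_BASIC_CONSTRAINTS, OID_SUBJECT_ALT_NAME = "2.5.4.3", "2.5.29.19", "2.5.29.17"

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element that starts at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element directly inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = read_tlv(value, pos)
        yield tag, inner

def decode_oid(value):
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:  # base-128 arcs; the high bit marks a continuation byte
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def decode_name(value):
    """Name ::= SEQUENCE OF SET OF SEQUENCE { type OID, value String } -> {oid: text}."""
    name = {}
    for _, rdn in children(value):
        for _, atv in children(rdn):
            (_, oid), (_, text) = list(children(atv))
            name[decode_oid(oid)] = text.decode()
    return name

def parse_certificate(pem):
    der = base64.b64decode("".join(re.sub(r"-----[A-Z ]+-----", "", pem).split()))
    _, tbs, _ = read_tlv(read_tlv(der, 0)[1], 0)   # Certificate -> tbsCertificate
    fields = list(children(tbs))
    idx = 1 if fields[0][0] == 0xA0 else 0          # v3 starts with an EXPLICIT [0] version
    issuer, subject = decode_name(fields[idx + 2][1]), decode_name(fields[idx + 4][1])
    not_before, not_after = (v.decode() for _, v in children(fields[idx + 3][1]))
    info = {"issuer_cn": issuer.get(OID_CN), "subject_cn": subject.get(OID_CN),
            "not_before": not_before, "not_after": not_after,
            "self_signed": issuer == subject,
            "is_ca": False,  # basicConstraints cA is DEFAULT FALSE when absent
            "dns_names": []}
    for tag, explicit in fields[idx + 6:]:
        if tag != 0xA3:                             # [3] EXPLICIT Extensions
            continue
        _, ext_list = next(children(explicit))
        for _, ext in children(ext_list):           # SEQUENCE { OID, [critical], OCTET STRING }
            parts = list(children(ext))
            oid, payload = decode_oid(parts[0][1]), parts[-1][1]
            if oid == OID_BASIC_CONSTRAINTS:
                _, bc, _ = read_tlv(payload, 0)
                info["is_ca"] = any(t == 0x01 and v == b"\xff" for t, v in children(bc))
            elif oid == OID_SUBJECT_ALT_NAME:
                _, names, _ = read_tlv(payload, 0)
                info["dns_names"] = [v.decode() for t, v in children(names) if t == 0x82]
    return info

def hostname_matches(info, hostname):
    """Browsers match the host against SAN dNSName entries only (exact names here); CN is ignored."""
    return hostname.lower() in (n.lower() for n in info["dns_names"])

def can_anchor_trust(info):
    """A -CAfile entry closes a chain only if it is a CA or a self-signed end entity."""
    return info["is_ca"] or info["self_signed"]

if __name__ == "__main__":
    details = parse_certificate(SHARE_FILE_PEM)
    print(details)
    print("matches localhost:", hostname_matches(details, "localhost"),
          "| usable alone as -CAfile:", can_anchor_trust(details))
```

Run against the gist's certificate this reports subject CN share-file issued by share-file-ca, validity 2022-03-07 to 2067-01-14, a single SAN entry (localhost) and cA=FALSE. That accounts for both s_client runs: with -CAfile .\share-file-ca.crt the issuer is supplied and the chain closes, while with -CAfile .\share-file.crt it fails with error 20 because a non-CA leaf that is not self-signed cannot stand in for its own issuer, so copying share-file.crt into /usr/local/share/ca-certificates adds no trust beyond what share-file-ca.crt provides. The SAN entry also rules out a hostname mismatch, since Chrome matches SAN rather than CN. One caveat on the store commands: update-ca-certificates refreshes the OpenSSL system store under /etc/ssl/certs, which is what openssl consulted here, whereas Chrome on Linux validates against its own NSS database in ~/.pki/nssdb; a CA that openssl accepts can therefore still produce NET::ERR_CERT_AUTHORITY_INVALID until it is imported there too (certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n share-file-ca -i share-file-ca.crt, from the libnss3-tools package). The 403 in the first run is an application-layer answer rather than a TLS failure: the server expects ALPN h2, which s_client offers only when given -alpn h2.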