On 19/08/2014, Reco <recovery...@gmail.com> wrote: > Hi. > > On Tue, 19 Aug 2014 14:17:25 +0800 > Bret Busby <bret.bu...@gmail.com> wrote: > >> " >> SSL Errors: >> >> for: https://bistri.com/ >> The certificate has expired >> Do you want to ignore these errors? >> " > > Hmm. It appears that they practicing SSL Bump where you live. Can you > please post the output of: > > openssl s_client -host bistri.com -port 443 -showcerts > > dig bistri.com > > Reco > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: > https://lists.debian.org/20140819184615.977949f2b41ce4eb4abe8...@gmail.com > >
See below. -- Bret Busby Armadale West Australia .............. "So once you do know what the question actually is, you'll know what the answer means." - Deep Thought, Chapter 28 of Book 1 of "The Hitchhiker's Guide to the Galaxy: A Trilogy In Four Parts", written by Douglas Adams, published by Pan Books, 1992 .................................................... :~$ openssl s_client -host bistri.com -port 443 -showcerts CONNECTED(00000003) depth=1 /O=AlphaSSL/CN=AlphaSSL CA - G2 verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/OU=Domain Control Validated/CN=*.bistri.com i:/O=AlphaSSL/CN=AlphaSSL CA - G2 -----BEGIN CERTIFICATE----- MIIEoTCCA4mgAwIBAgISESFcs46SSBuSGOuZib47rm0QMA0GCSqGSIb3DQEBBQUA MC4xETAPBgNVBAoTCEFscGhhU1NMMRkwFwYDVQQDExBBbHBoYVNTTCBDQSAtIEcy MB4XDTE0MDEwNjE1MjczMloXDTE1MDIyMDE1MDgwM1owOjEhMB8GA1UECxMYRG9t YWluIENvbnRyb2wgVmFsaWRhdGVkMRUwEwYDVQQDDAwqLmJpc3RyaS5jb20wggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfSw1PiJTd5d6FrvWr6h5SQcVc mvTcsjOkb9kz3a9err3mxeSgK2MGgvZTKpRireZcyZT+49Vhm1t8646RufAoXbYN VNTMB72M1TTub1nm1D3Yp8JZcLC0VxUqC2i9ahufiAz1v8fn+GTv8R7bUEzIIUnV Ti5A+RQdWNpS82xr7w2xAt/wQkKYls4KxBDAVZ6Q/qzDV5Aq3O19DQpfRXaaGbHV X8+/bn73cBiB4yi+CxYCtQ6irtOrtYa5Qgf5ErwForXqka7NTiZecfebyITwamjf Le5OLDWVclB+JikvN1oTKDkV7V+QFFSH6XOF7Vg8sWB16z3pf/i8eSL0LsidAgMB AAGjggGrMIIBpzAOBgNVHQ8BAf8EBAMCBaAwSQYDVR0gBEIwQDA+BgZngQwBAgEw NDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3Np dG9yeS8wIwYDVR0RBBwwGoIMKi5iaXN0cmkuY29tggpiaXN0cmkuY29tMAkGA1Ud EwQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdHwQzMDEw L6AtoCuGKWh0dHA6Ly9jcmwyLmFscGhhc3NsLmNvbS9ncy9nc2FscGhhZzIuY3Js MH8GCCsGAQUFBwEBBHMwcTA8BggrBgEFBQcwAoYwaHR0cDovL3NlY3VyZTIuYWxw aGFzc2wuY29tL2NhY2VydC9nc2FscGhhZzIuY3J0MDEGCCsGAQUFBzABhiVodHRw Oi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3NhbHBoYWcyMB0GA1UdDgQWBBTsS8sy 58zT4gfBcW+970y6lb7DYTAfBgNVHSMEGDAWgBQU6hlV8A4NMsYfdDO3jmYaTBIx HjANBgkqhkiG9w0BAQUFAAOCAQEAMvVhSF7sJtNZh/fpitHFdPteDTJALAPzN2zX ymQAhMkQLJQzSVGc6AW5DqjNEO/wEUvxoj/pfrrYKsHUmbqlVz3qDRgzXW156NSL C8IuUggvpyYF/lm/CU3GuIeROygHLnauSjlwONd2fAhmSz8zGhsGnRei8jGtqWUM rHOzmWib/igh+D6IjTTEOs9gu8+p3YkVL0WIzg9+jcLgTj2w5h7EZc/wbjZlIN+s rv5CvSIPrhdY4x1gOWZn1bjlNA8Qlrz57Pt+hiKhCdLLBtwR4QkZ1BirVWBRX2Zs vgVFJzlTVK6cutyiwYeYpruVK6tqF2XlCszjzQR3I0Dm/Gii9Q== -----END CERTIFICATE----- 1 s:/O=AlphaSSL/CN=AlphaSSL CA - G2 i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA -----BEGIN CERTIFICATE----- MIIELzCCAxegAwIBAgILBAAAAAABL07hNwIwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw MDBaFw0yMjA0MTMxMDAwMDBaMC4xETAPBgNVBAoTCEFscGhhU1NMMRkwFwYDVQQD ExBBbHBoYVNTTCBDQSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAw/BliN8b3caChy/JC7pUxmM/RnWsSxQfmHKLHBD/CalSbi9l32WEP1+Bstjx T9fwWrvJr9Ax3SZGKpme2KmjtrgHxMlx95WE79LqH1Sg5b7kQSFWMRBkfR5jjpxx XDygLt5n3MiaIPB1yLC2J4Hrlw3uIkWlwi80J+zgWRJRsx4F5Tgg0mlZelkXvhpL OQgSeTObZGj+WIHdiAxqulm0ryRPYeDK/Bda0jxyq6dMt7nqLeP0P5miTcgdWPh/ UzWO1yKIt2F2CBMTaWawV1kTMQpwgiuT1/biQBXQHQFyxxNYalrsGYkWPODIjYYq +jfwNTLd7OX+gI73BWe0i0J1NQIDAQABo4IBIzCCAR8wDgYDVR0PAQH/BAQDAgEG MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFBTqGVXwDg0yxh90M7eOZhpM EjEeMEUGA1UdIAQ+MDwwOgYEVR0gADAyMDAGCCsGAQUFBwIBFiRodHRwczovL3d3 dy5hbHBoYXNzbC5jb20vcmVwb3NpdG9yeS8wMwYDVR0fBCwwKjAooCagJIYiaHR0 cDovL2NybC5nbG9iYWxzaWduLm5ldC9yb290LmNybDA9BggrBgEFBQcBAQQxMC8w LQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL3Jvb3RyMTAf BgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUFAAOC AQEABjBCm89JAn6J6fWDWj0C87yyRt5KUO65mpBz2qBcJsqCrA6ts5T6KC6y5kk/ UHcOlS9o82U8nxTyaGCStvwEDfakGKFpYA3jnWhbvJ4LOFmNIdoj+pmKCbkfpy61 VWxH50Hs5uJ/r1VEOeCsdO5l0/qrUUgw8T53be3kD0CY7kd/jbZYJ82Sb2AjzAKb WSh4olGd0Eqc5ZNemI/L7z/K/uCvpMlbbkBYpZItvV1lVcW/fARB2aS1gOmUYAIQ OGoICNdTHC2Tr8kTe9RsxDrE+4CsuzpOVHrNTrM+7fH8EU6f9fMUvLmxMc72qi+l +MPpZqmyIJ3E+LgDYqeF0RhjWw== -----END CERTIFICATE----- --- Server certificate subject=/OU=Domain Control Validated/CN=*.bistri.com issuer=/O=AlphaSSL/CN=AlphaSSL CA - G2 --- No client certificate CA names sent --- SSL handshake has read 2436 bytes and written 447 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: 86AF89BD798D56CF2A38BE3C3561137D899A932D1B4A06E05C6606894A3DB76D Session-ID-ctx: Master-Key: 7CAF67C4FDA26218E9044FAA08DC863BCB1BE75E93A2119DD4731B2C3713FC5C6CA6A2F3A7F23FFF5A74457A14D17C5D Key-Arg : None Start Time: 1408506673 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) --- closed .................................................... :~$ dig bistri.com ; <<>> DiG 9.7.3 <<>> bistri.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31671 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;bistri.com. IN A ;; ANSWER SECTION: bistri.com. 60 IN A 176.34.185.176 ;; Query time: 82 msec ;; SERVER: 10.1.1.1#53(10.1.1.1) ;; WHEN: Wed Aug 20 11:53:43 2014 ;; MSG SIZE rcvd: 44 .................................................... -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CACX6j8MaMfJrCi4r13ipESoOMj-CKnh+vtT=aumbtxbzkmo...@mail.gmail.com