Yay, a well-trusted certificate :) May I ask if it's by design that there's no CN for the certificate? (Didn't even know this is possible :O )
May I also ask for default-forward to HTTPS when visiting cryptopp.com? BR JPM Am 17.09.2015 um 19:30 schrieb Jeffrey Walton: > Hi Everyone, > > Thanks to Comodo, we now have a server certificate that should > validate under all modern user agents. Comodo donated the certificate > to the project, which saved us over $500 USD (probably closer or $600 > or $700 USD). They also issued it for 3 years, and that will save us > considerable maintenance time. > > User agents will need to root trust in "AddTrust External CA Root" (or > one of the intermediates in the chain). I am pretty sure all modern > agents with a trust store have it. If you need it, then you can fetch > it from > https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/917/91/. > Below is the manual verification. > > For completeness, here is the public key again: > > Subject Key Identifier: > 01:5A:F4:9F:BE:DC:07:E8:DC:C9:4F:DB:52:41:18:2B:19:0F:CF:C3 > > $ openssl x509 -in cryptopp-com.cert.pem -inform PEM -pubkey > -----BEGIN PUBLIC KEY----- > MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMXuW5lRJRU6Xh9Kl5rc > H8fRSpGSszG270skz9x5nImXOfcZ3dZgW9vTv3XVgXU4w0UDg6/ntmgJKqg7MAhg > uqfkEak3es3yuyOAZCDlJMkbuww5zs+TVLp5V0vQhe3AoBuFqtSnr3IvM4oP5Dci > 98mupgWlMk9RTFw0Xy5ZwWnWiIFzuqZBmK4kIt/RV61gRF/mh1CVNBtB4LTZvgBX > T33AXIzRMCn571WR1O6jakPKhL7YmSLbdMj6FLIlZboBvj+aNEqxcZO4hwwBRJVX > 5aNdRmRQBs42MvdXCwL2qF7cq5W4jrOIHb2pVhgVAA6Nv33UdoqViR+rJ2EYVGjr > 0wIDAQAB > -----END PUBLIC KEY----- > > Jeff > > $ openssl s_client -connect www.cryptopp.com:443 -tls1 -servername > www.cryptopp.com -CAfile AddTrustExternalCARoot.crt > CONNECTED(00000003) > depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, > CN = AddTrust External CA Root > verify return:1 > depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA > Limited, CN = COMODO RSA Certification Authority > verify return:1 > depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA > Limited, CN = COMODO RSA Domain Validation Secure Server CA > verify return:1 > depth=0 OU = Domain Control Validated, OU = COMODO SSL Unified > Communications > verify return:1 > --- > Certificate chain > 0 s:/OU=Domain Control Validated/OU=COMODO SSL Unified Communications > i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA > Limited/CN=COMODO RSA Domain Validation Secure Server CA > 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA > Limited/CN=COMODO RSA Domain Validation Secure Server CA > i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA > Limited/CN=COMODO RSA Certification Authority > 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA > Limited/CN=COMODO RSA Certification Authority > i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust > External CA Root > --- > Server certificate > -----BEGIN CERTIFICATE----- > MIIFbTCCBFWgAwIBAgIRAN+cR2SqX7ZOORHSJO+ydF8wDQYJKoZIhvcNAQELBQAw > gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO > BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD > VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg > Q0EwHhcNMTUwOTE3MDAwMDAwWhcNMTgwOTE2MjM1OTU5WjBPMSEwHwYDVQQLExhE > b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxKjAoBgNVBAsTIUNPTU9ETyBTU0wgVW5p > ZmllZCBDb21tdW5pY2F0aW9uczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC > ggEBAMTF7luZUSUVOl4fSpea3B/H0UqRkrMxtu9LJM/ceZyJlzn3Gd3WYFvb0791 > 1YF1OMNFA4Ov57ZoCSqoOzAIYLqn5BGpN3rN8rsjgGQg5STJG7sMOc7Pk1S6eVdL > 0IXtwKAbharUp69yLzOKD+Q3IvfJrqYFpTJPUUxcNF8uWcFp1oiBc7qmQZiuJCLf > 0VetYERf5odQlTQbQeC02b4AV099wFyM0TAp+e9VkdTuo2pDyoS+2Jki23TI+hSy > JWW6Ab4/mjRKsXGTuIcMAUSVV+WjXUZkUAbONjL3VwsC9qhe3KuVuI6ziB29qVYY > FQAOjb991HaKlYkfqydhGFRo69MCAwEAAaOCAgAwggH8MB8GA1UdIwQYMBaAFJCv > ajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBQBWvSfvtwH6NzJT9tSQRgrGQ/P > wzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEF > BQcDAQYIKwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsG > AQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEw > VAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RP > UlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBhQYIKwYBBQUH > AQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01P > RE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUF > BzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wTgYDVR0RBEcwRYIMY3J5cHRv > cHAuY29tghBmdHAuY3J5cHRvcHAuY29tghF3aWtpLmNyeXB0b3BwLmNvbYIQd3d3 > LmNyeXB0b3BwLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAdUG1mkSHhu0wFvGhNWTQ > DTSJR6t8UR/nNH1DsUiNZwB6+upliz9U/KJkQ7WG+5ZN1QvrvC/KXTuZYMbs3jVm > SvJVmh/yR3FWpmzV8N1goTJ9/nT4r1ShIZWjMPD6UVd5wcXp73E5ph5L/TGC13B1 > souXmTWDBfPnUUo9PQL5X0hksbb3jJuZRnk8O+PFoPESbWsLigDFOj+2zGEw+ZYz > Kwnp7xczLq9Xe9mU9j6E/KgZGKViTy6u7K7tJAupVVro4UxwNPMaX337X9Oghd4k > PbxTkgD/xJ2bbt49+SRhf6Hc4ba8NCGklfQd2Hv4gohggl2Ni7nkQW1Q0g9PmtvN > sg== > -----END CERTIFICATE----- > subject=/OU=Domain Control Validated/OU=COMODO SSL Unified Communications > issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA > Limited/CN=COMODO RSA Domain Validation Secure Server CA > --- > No client certificate CA names sent > Server Temp Key: ECDH, P-256, 256 bits > --- > SSL handshake has read 5064 bytes and written 368 bytes > --- > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA > Server public key is 2048 bit > Secure Renegotiation IS supported > No ALPN negotiated > SSL-Session: > Protocol : TLSv1 > Cipher : ECDHE-RSA-AES256-SHA > Session-ID: CB41CCBE9D4037683F83123641B494545D... > Session-ID-ctx: > Master-Key: 64D15573B6EB8CFBEAFD9BC6DFD2D96D... > Key-Arg : None > PSK identity: None > PSK identity hint: None > SRP username: None > TLS session ticket lifetime hint: 300 (seconds) > TLS session ticket: > 0000 - 97 46 41 ca fb 03 5d 49-98 11 dd 96 d7 74 83 da > .FA...]I.....t.. > 0010 - 77 a3 26 63 1f de 53 19-b0 01 23 73 fe 19 27 5b > w.&c..S...#s..'[ > 0020 - 88 bf bb 97 52 4b cb 9d-fa 01 92 28 83 d9 64 0e > ....RK.....(..d. > 0030 - f4 9c e7 db 12 10 9b 4c-26 f4 60 49 72 98 7b 3d > .......L&.`Ir.{= > 0040 - 90 09 67 9d 6c 5b b1 b9-4b 02 a0 69 88 22 5d 29 > ..g.l[..K..i."]) > 0050 - e8 ac b6 12 de fa 51 65-9e e3 61 42 4b d8 68 af > ......Qe..aBK.h. > 0060 - 0f 5a 35 e0 0b ad 25 58-bd 49 3c 15 8a d1 d2 e5 > .Z5...%X.I<..... > 0070 - fd 4c db 4b 44 77 7e 14-88 d9 00 cc d4 bf 16 82 > .L.KDw~......... > 0080 - 51 96 29 f1 da 8d cc 82-24 d6 24 29 8d 2a 57 f1 > Q.).....$.$).*W. > 0090 - 6f 0a 92 7a 40 b9 e1 be-c3 72 57 8f 37 5e 4a c1 > [email protected]^J. > 00a0 - 89 11 0f 8c b9 36 1f 26-80 55 77 87 23 80 e6 01 > .....6.&.Uw.#... > 00b0 - f4 ba ef 5d 3b 79 a0 f2-66 af 1a 49 89 52 86 67 > ...];y..f..I.R.g > 00c0 - 30 19 6f 97 0d 3b b4 eb-08 d0 f1 f1 8c 43 89 4d > 0.o..;.......C.M > > Start Time: 1442510652 > Timeout : 7200 (sec) > Verify return code: 0 (ok) > > -- > -- > You received this message because you are subscribed to the "Crypto++ > Users" Google Group. > To unsubscribe, send an email to > [email protected]. > More information about Crypto++ and this group is available at > http://www.cryptopp.com. > --- > You received this message because you are subscribed to the Google > Groups "Crypto++ Users" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] > <mailto:[email protected]>. > For more options, visit https://groups.google.com/d/optout. -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME Cryptographic Signature
