On 17.09.2015 at 20:34, Jean-Pierre Münch wrote:
> Yay, a well-trusted certificate :)
>
> May I ask if it's by design that there's no CN for the certificate?
> (Didn't even know this is possible :O )
Sorry, just ran a server test and realized that although there's no CN,
there are the usual alternative names (cryptopp.com, www.cryptopp.com,
...). Although I think it's still unusual to have no CN at all... But
maybe that's just me :)
>
> May I also ask for default-forward to HTTPS when visiting cryptopp.com?
>
> BR
>
> JPM
>
> On 17.09.2015 at 19:30, Jeffrey Walton wrote:
>> Hi Everyone,
>>
>> Thanks to Comodo, we now have a server certificate that should
>> validate under all modern user agents. Comodo donated the certificate
>> to the project, which saved us over $500 USD (probably closer to $600
>> or $700 USD). They also issued it for 3 years, and that will save us
>> considerable maintenance time.
>>
>> User agents will need to root trust in "AddTrust External CA Root"
>> (or one of the intermediates in the chain). I am pretty sure all
>> modern agents with a trust store have it. If you need it, then you
>> can fetch it from
>> https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/917/91/.
>> Below is the manual verification.
>>
>> For completeness, here is the public key again:
>>
>>     Subject Key Identifier:
>>         01:5A:F4:9F:BE:DC:07:E8:DC:C9:4F:DB:52:41:18:2B:19:0F:CF:C3
>>
>> $ openssl x509 -in cryptopp-com.cert.pem -inform PEM -pubkey
>>
>> Jeff
>>
>> $ openssl s_client -connect www.cryptopp.com:443 -tls1 -servername www.cryptopp.com -CAfile AddTrustExternalCARoot.crt
>> CONNECTED(00000003)
>> depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
>> verify return:1
>> depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
>> verify return:1
>> depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
>> verify return:1
>> depth=0 OU = Domain Control Validated, OU = COMODO SSL Unified Communications
>> verify return:1
>> ---
>> Certificate chain
>>  0 s:/OU=Domain Control Validated/OU=COMODO SSL Unified Communications
>>    i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
>>  1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
>>    i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
>>  2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
>>    i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
>> ---
>> Server certificate
>> subject=/OU=Domain Control Validated/OU=COMODO SSL Unified Communications
>> issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
>> ---
>> No client certificate CA names sent
>> Server Temp Key: ECDH, P-256, 256 bits
>> ---
>> SSL handshake has read 5064 bytes and written 368 bytes
>> ---
>> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
>> Server public key is 2048 bit
>> Secure Renegotiation IS supported
>> No ALPN negotiated
>> SSL-Session:
>>     Protocol  : TLSv1
>>     Cipher    : ECDHE-RSA-AES256-SHA
>>     Session-ID: CB41CCBE9D4037683F83123641B494545D...
>>     Session-ID-ctx:
>>     Master-Key: 64D15573B6EB8CFBEAFD9BC6DFD2D96D...
>>     Key-Arg   : None
>>     PSK identity: None
>>     PSK identity hint: None
>>     SRP username: None
>>     TLS session ticket lifetime hint: 300 (seconds)
>>     TLS session ticket:
>>
>>     Start Time: 1442510652
>>     Timeout   : 7200 (sec)
>>     Verify return code: 0 (ok)
>>
>> -- 
>> -- 
>> You received this message because you are subscribed to the "Crypto++
>> Users" Google Group.
>> To unsubscribe, send an email to
>> [email protected].
>> More information about Crypto++ and this group is available at
>> http://www.cryptopp.com.
>> ---
>> You received this message because you are subscribed to the Google
>> Groups "Crypto++ Users" group.
>> To unsubscribe from this group and stop receiving emails from it,
>> send an email to [email protected]
>> <mailto:[email protected]>.
>> For more options, visit https://groups.google.com/d/optout.

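The question raised in the reply above, whether a certificate with no CN is a problem, comes down to how user agents match host names. The following is an added example (not from the original thread or the Crypto++ project) of RFC 6125-style matching, where subjectAltName dNSName entries decide and the subject is not consulted when they exist. The certificate dictionaries are constructed, shaped like the output of Python's `getpeercert()`, and `host_matches`, `dns_names` and `common_names` are hypothetical helper names.

```python
# Added example: host-name matching where subjectAltName takes precedence
# over the subject CN. All certificate data below is constructed.

def _name_match(pattern: str, host: str) -> bool:
    """Compare one presented name with the host, label by label.
    '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def dns_names(cert: dict) -> list:
    """dNSName entries of the subjectAltName extension."""
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def common_names(cert: dict) -> list:
    """CN attributes of the subject (empty for a CN-less certificate)."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def host_matches(cert: dict, host: str, allow_cn_fallback: bool = False) -> bool:
    sans = dns_names(cert)
    if sans:                  # SAN present: the CN is never consulted
        return any(_name_match(s, host) for s in sans)
    if allow_cn_fallback:     # legacy behaviour, off by default
        return any(_name_match(c, host) for c in common_names(cert))
    return False

# Constructed: subject as in the thread (two OUs, no CN), SANs limited to the
# two names the reply mentions.
CN_LESS = {
    "subject": ((("organizationalUnitName", "Domain Control Validated"),),
                (("organizationalUnitName", "COMODO SSL Unified Communications"),)),
    "subjectAltName": (("DNS", "cryptopp.com"), ("DNS", "www.cryptopp.com")),
}
# Constructed: a CN that disagrees with the SAN list.
MISLEADING_CN = {
    "subject": ((("commonName", "www.cryptopp.com"),),),
    "subjectAltName": (("DNS", "other.example"),),
}
# Constructed: a legacy certificate with only a CN.
CN_ONLY = {"subject": ((("commonName", "legacy.example"),),)}

if __name__ == "__main__":
    for cert, host in ((CN_LESS, "www.cryptopp.com"),
                       (MISLEADING_CN, "www.cryptopp.com"),
                       (CN_ONLY, "legacy.example")):
        print(host, host_matches(cert, host))
```
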