Oops, thought I did that:

# openssl s_client -connect 216.121.17.252:443
CONNECTED(00000003)
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certificates.godaddy.com/repository, CN = Go Daddy Secure Certification Authority, serialNumber = 07969287
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=Texas/L=Dallas/O=ARTIZONE INC./CN=*.artizone.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=US/ST=Texas/L=Dallas/O=ARTIZONE INC./CN=*.artizone.com
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
---
No client certificate CA names sent
---
SSL handshake has read 3247 bytes and written 570 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: 3E310000B5ECB76581C58C94477A6DA925EB0245BF3EAA9103CA81179289FCAB
    Session-ID-ctx:
    Master-Key: 60BCC13E943926E284767D695B3B61F47837D1E034DAF28D7AAB4CC557FB73E56AE52FEBFC4D6C717F5DE29550E59F05
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1416348829
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
GET /
...
<html>
...

Works both with and without the '-tlsv1' flag.

- Brian Menges
DevOps Architect @ GoGrid, LLC.

-----Original Message-----
From: Lukas Tribus [mailto:[email protected]]
Sent: Tuesday, November 18, 2014 1:51 PM
To: Brian Menges; [email protected]
Subject: RE: debugging ssl passthrough+haproxy

> Getting the same sort of reply:
> # openssl s_client -connect 216.121.28.78:443

No, I meant to connect to the origin server, not haproxy itself, but from the proxy VM:

openssl s_client -connect 216.121.17.252:443

Regards,
Lukas

