[Openid-specs-ab] Certificates on Certification Site

Brian Campbell bcampbell at pingidentity.com
Wed Mar 18 16:45:16 UTC 2015


If I'm reading openssl's output correctly, it's still not including
the intermediate.


$ openssl s_client -connect  op.certification.openid.net:60000
CONNECTED(00000003)
depth=0
/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private
Organization/serialNumber=2158113/C=US/postalCode=94043/ST=California/L=Mountain
View/street=350 Ellis Street/O=Symantec Corporation/OU=Cloud Platform
Engineering
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0
/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private
Organization/serialNumber=2158113/C=US/postalCode=94043/ST=California/L=Mountain
View/street=350 Ellis Street/O=Symantec Corporation/OU=Cloud Platform
Engineering
verify error:num=27:certificate not trusted
verify return:1
depth=0
/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private
Organization/serialNumber=2158113/C=US/postalCode=94043/ST=California/L=Mountain
View/street=350 Ellis Street/O=Symantec Corporation/OU=Cloud Platform
Engineering
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0
s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private
Organization/serialNumber=2158113/C=US/postalCode=94043/ST=California/L=Mountain
View/street=350 Ellis Street/O=Symantec Corporation/OU=Cloud Platform
Engineering/CN=op.certification.openid.net
   i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec
Class 3 EV SSL CA - G3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHKjCCBhKgAwIBAgIQDRyJD75wYaMnuXDaL8O5CjANBgkqhkiG9w0BAQsFADB3
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj
IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTUwMjE3MDAwMDAwWhcNMTcwMjE3
MjM1OTU5WjCCATAxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIB
AgwIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYD
VQQFEwcyMTU4MTEzMQswCQYDVQQGEwJVUzEOMAwGA1UEEQwFOTQwNDMxEzARBgNV
BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxGTAXBgNVBAkM
EDM1MCBFbGxpcyBTdHJlZXQxHTAbBgNVBAoMFFN5bWFudGVjIENvcnBvcmF0aW9u
MSMwIQYDVQQLDBpDbG91ZCBQbGF0Zm9ybSBFbmdpbmVlcmluZzEkMCIGA1UEAwwb
b3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAy18YtrcaXsiPUjBvA5YmdIysHXoYJc++06Eg3MTlwW1tRBh9
axi5XHWmBFm1g5AWXkcf3vFweGXqcKOeZ0UPNVxDU0Wsn7TScaVcxRk2gdLkoVX9
R9wPY3KNEaHsTx7rMOrIrdbeMuHPgMrSp2ovLWeJq5mARdyxjeTjp73VJPoDQADF
qO74cmoL/EyUqy/MYmDIgGG7SAl8i2QOPP0NQmZJpAmghG8aL1WDUac5T8qkAlj7
AUkOPW3gSdWkgf1XjXLPqzvjBCv7E+WiubTSYwxSWKSV+xIUrJskTt9MpHSpfA5i
tn6ySTtSKEFcYffzqL0gmr+CZXxjf6I4RNlnfQIDAQABo4IC9TCCAvEwJgYDVR0R
BB8wHYIbb3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0MAkGA1UdEwQCMAAwDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBmBgNV
HSAEXzBdMFsGC2CGSAGG+EUBBxcGMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5z
eW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20v
cnBhMB8GA1UdIwQYMBaAFAFZq+fdOgtZpmRj1s8gB1fVkedqMCsGA1UdHwQkMCIw
IKAeoByGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3IuY3JsMFcGCCsGAQUFBwEBBEsw
STAfBggrBgEFBQcwAYYTaHR0cDovL3NyLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYa
aHR0cDovL3NyLnN5bWNiLmNvbS9zci5jcnQwggF8BgorBgEEAdZ5AgQCBIIBbASC
AWgBZgB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABS5mVPBQA
AAQDAEYwRAIgEWZrnpfk5KxkNOS2fAJhejH7FNruS7AY17KxeBM+FjACIGoT8y58
cEzct7HRIkGqPjRvTe1WcMoB2luFC8+wQoW1AHUAVhQGmi/XwuzT9eG9RLI+x0Z2
ubyZEVzA75SYVdaJ0N0AAAFLmZU+JAAABAMARjBEAiA+wsXCQI7RcfLTuLD9PfqM
oJxL46fdGtqHFETTmwgopwIgWWlV/j9DRXnpzZFERVrnhICUzaie7SpfPcJUs48u
QzUAdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAUuZlTwIAAAE
AwBHMEUCIQCOjiOcSMRuCtHwsQIHGyynPhmceRZU6TtAb587tO7JZwIgSUJ8PGM8
XQ/CEIiSGuLwG/SdiyEBKgqO69iylnty8rQwDQYJKoZIhvcNAQELBQADggEBAJcQ
0bVMn5JBaUzxknIj8K5pAbetQZaF8dvjnylZrcytfrDB/RBYPhUC3mpS1YB47Oqf
F9oBjSA+fqWlgF/qKBEDF3bz7cAsGKQmrICnZzXGncyH6IXXbkDnXT+nDwYPln1V
HNvBrs7ImTFpvcpFdksNKFfM/fh+DfChWU4+817AMdSWf4RO/gfEAv7FAd3qV4fR
3U1vDvDp4bJB4gCSKjXCecQfJI5iAVSU/SgggjMXybCLXvxcRpQ0U6uBq3vHjao1
t1fK0yP5f4wdxaC2nDn+d6Q1RoXstorgTF8ysVLTnE2iKjoWzjlf4M/AO/ckcmW8
0DKvHlqA2G04svnXScY=
-----END CERTIFICATE-----
subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private
Organization/serialNumber=2158113/C=US/postalCode=94043/ST=California/L=Mountain
View/street=350 Ellis Street/O=Symantec Corporation/OU=Cloud Platform
Engineering/CN=op.certification.openid.net
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec
Class 3 EV SSL CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 2007 bytes and written 456 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID:
FA4A07CC3ED38F80A8B70D1F2D89BEF8A449CE5A77CD140D86F32F17F5156DFB
    Session-ID-ctx:
    Master-Key:
9B560C7E194B9B6A1E0A430F662B3F7ADDD1C3F1D94C8E6C03C2663AD98A73BBB4AB973F58D3273F150A195A89B81A83
    Key-Arg   : None
    Start Time: 1426696945
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150318/31f476ef/attachment.html>


More information about the Openid-specs-ab mailing list