bencdll

Members
 View Profile  See their activity

  • Posts

    1

  • Joined

  • Last visited

bencdll's Achievements

Noob

Noob (1/14)

0

Reputation

  1. bencdll
    When I go to a particular website in any browser on any computer I try, the certificate shows as valid. When I access the same site on Unraid (v6.6.6, via wget, etc) I have to force it to ignore certificate errors. I ran this command to check the certs and get the following results (redacted): # openssl s_client -showcerts -connect website:443 CONNECTED(00000003) depth=0 OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- --- Server certificate subject=OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website issuer=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 2476 bytes and written 454 bytes Verification error: unable to verify the first certificate --- New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: B699B03B3CC9FB649AF35520ACAF4A5746BF1684B0677CB81A4AB3229384B9E0 Session-ID-ctx: Master-Key: D48D30ED8D6CB54D8738E1E5008123F0F9B029D35D6C1D850EFF1D093B93DE00D7DAF154C1CB2F8FA1D00BE3FC8290AF PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: Start Time: 1547645618 Timeout : 7200 (sec) Verify return code: 21 (unable to verify the first certificate) Extended master secret: no --- read:errno=0 Am I missing a root CA, or something else?