bencdll Posted January 16, 2019 Share Posted January 16, 2019 When I go to a particular website in any browser on any computer I try, the certificate shows as valid. When I access the same site on Unraid (v6.6.6, via wget, etc) I have to force it to ignore certificate errors. I ran this command to check the certs and get the following results (redacted): # openssl s_client -showcerts -connect website:443 CONNECTED(00000003) depth=0 OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- --- Server certificate subject=OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website issuer=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 2476 bytes and written 454 bytes Verification error: unable to verify the first certificate --- New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: B699B03B3CC9FB649AF35520ACAF4A5746BF1684B0677CB81A4AB3229384B9E0 Session-ID-ctx: Master-Key: D48D30ED8D6CB54D8738E1E5008123F0F9B029D35D6C1D850EFF1D093B93DE00D7DAF154C1CB2F8FA1D00BE3FC8290AF PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: Start Time: 1547645618 Timeout : 7200 (sec) Verify return code: 21 (unable to verify the first certificate) Extended master secret: no --- read:errno=0 Am I missing a root CA, or something else? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.