--On Thursday, January 7, 2021 8:56 PM -0500 Viktor Dukhovni
<openssl-users@xxxxxxxxxxxx> wrote:

> You're leaving out too much detail. Post the full client hello decoded
> by "tshark":
>
> https://www.spinics.net/lists/openssl-users/msg05623.html

Thanks Viktor. Mainly, I wasn't sure what specific information would be
necessary. Here's what Wireshark shows (IP addresses obfuscated):

No. Time UTC Source Length Destination Protocol Info
1 0.000000 2021-01-07 21:19:53.417328 255.255.255.223 68 255.255.255.198 TCP 51466→636 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1380 WS=256 SACK_PERM=1

Frame 1: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 255.255.255.223, Dst: 255.255.255.198
Transmission Control Protocol, Src Port: 51466, Dst Port: 636, Seq: 0, Len: 0

No. Time UTC Source Length Destination Protocol Info
2 0.000081 2021-01-07 21:19:53.417409 255.255.255.198 68 255.255.255.223 TCP 636→51466 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 SACK_PERM=1 WS=128

Frame 2: 68 bytes on wire (544 bits), 68 bytes captured (544 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 255.255.255.198, Dst: 255.255.255.223
Transmission Control Protocol, Src Port: 636, Dst Port: 51466, Seq: 0, Ack: 1, Len: 0

No. Time UTC Source Length Destination Protocol Info
3 0.000462 2021-01-07 21:19:53.417790 255.255.255.223 62 255.255.255.198 TCP 51466→636 [ACK] Seq=1 Ack=1 Win=2097408 Len=0

Frame 3: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 255.255.255.223, Dst: 255.255.255.198
Transmission Control Protocol, Src Port: 51466, Dst Port: 636, Seq: 1, Ack: 1, Len: 0
VSS-Monitoring ethernet trailer, Source Port: 0

No. Time UTC Source Length Destination Protocol Info
4 0.004053 2021-01-07 21:19:53.421381 255.255.255.223 484 255.255.255.198 TLSv1.2 Client Hello

Frame 4: 484 bytes on wire (3872 bits), 484 bytes captured (3872 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 255.255.255.223, Dst: 255.255.255.198
Transmission Control Protocol, Src Port: 51466, Dst Port: 636, Seq: 1, Ack: 1, Len: 428
Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 423
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 419
            Version: TLS 1.2 (0x0303)
            Random
                GMT Unix Time: Oct 2, 2014 19:22:16.000000000 MDT
                Random Bytes: 3226c3627d2ba7c967ce2cf097e616d9cbe45d1bb1cc21f4...
            Session ID Length: 32
            Session ID: bde8c16349a08e56a121b6e7aa1f317acf42186ba79b134d...
            Cipher Suites Length: 88
            Cipher Suites (44 suites)
                Cipher Suite: Unknown (0x1301)
                Cipher Suite: Unknown (0x1302)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 258
            Extension: server_name
                Type: server_name (0x0000)
                Length: 35
                Server Name Indication extension
                    Server Name list length: 33
                    Server Name Type: host_name (0)
                    Server Name length: 30
                    Server Name: directory.srv.TEST.ualberta.ca
            Extension: status_request
                Type: status_request (0x0005)
                Length: 5
                Certificate Status Type: OCSP (1)
                Responder ID list Length: 0
                Request Extensions Length: 0
            Extension: elliptic_curves
                Type: elliptic_curves (0x000a)
                Length: 32
                Elliptic Curves Length: 30
                Elliptic curves (15 curves)
            Extension: ec_point_formats
                Type: ec_point_formats (0x000b)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
            Extension: signature_algorithms
                Type: signature_algorithms (0x000d)
                Length: 22
                Signature Hash Algorithms Length: 20
                Signature Hash Algorithms (10 algorithms)
                    Signature Hash Algorithm: 0x0403
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0503
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0603
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0401
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0501
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0601
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0402
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Hash Algorithm: 0x0203
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0201
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0202
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: DSA (2)
            Extension: Unknown 50
                Type: Unknown (0x0032)
                Length: 22
                Data (22 bytes)
            Extension: status_request_v2
                Type: status_request_v2 (0x0011)
                Length: 9
                Certificate Status Type: OCSP Multi (2)
                Certificate Status Length: 4
                Responder ID list Length: 0
                Request Extensions Length: 0
            Extension: Extended Master Secret
                Type: Extended Master Secret (0x0017)
                Length: 0
            Extension: Unknown 43
                Type: Unknown (0x002b)
                Length: 9
                Data (9 bytes)
            Extension: Unknown 45
                Type: Unknown (0x002d)
                Length: 2
                Data (2 bytes)
            Extension: Unknown 51
                Type: Unknown (0x0033)
                Length: 71
                Data (71 bytes)
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0

No. Time UTC Source Length Destination Protocol Info
5 0.004070 2021-01-07 21:19:53.421398 255.255.255.198 56 255.255.255.223 TCP 636→51466 [ACK] Seq=1 Ack=429 Win=64128 Len=0

Frame 5: 56 bytes on wire (448 bits), 56 bytes captured (448 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 255.255.255.198, Dst: 255.255.255.223
Transmission Control Protocol, Src Port: 636, Dst Port: 51466, Seq: 1, Ack: 429, Len: 0

No. Time UTC Source Length Destination Protocol Info
6 0.004332 2021-01-07 21:19:53.421660 255.255.255.198 63 255.255.255.223 TLSv1.2 Alert (Level: Fatal, Description: Handshake Failure)

Frame 6: 63 bytes on wire (504 bits), 63 bytes captured (504 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 255.255.255.198, Dst: 255.255.255.223
Transmission Control Protocol, Src Port: 636, Dst Port: 51466, Seq: 1, Ack: 429, Len: 7
Secure Sockets Layer
    TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
        Content Type: Alert (21)
        Version: TLS 1.2 (0x0303)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Handshake Failure (40)

And here's the output from tshark:

>> If I test connecting on the command line to the server in question, I
>> can connect using any of RSA+SHA256, RSA+SHA384, and RSA+SHA512 from
>> the above signature algorithms without issue, like:
>
> What sort of certificate does the server have? Are there any ssl module
> settings in its openssl.cnf file?

No module settings for openssl.cnf.

For the server with the non-working cert, this is the x509 text output:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ---
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018
        Validity
            Not Before: Mar 26 17:49:45 2020 GMT
            Not After : Apr 30 21:21:03 2022 GMT
        Subject: C=CA, ST=Alberta, L=---
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            Authority Information Access:
                CA Issuers - URI:http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
                OCSP - URI:http://ocsp.globalsign.com/gsrsaovsslca2018
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.4146.1.20
                  CPS: https://www.globalsign.com/repository/
                Policy: 2.23.140.1.2.2
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.globalsign.com/gsrsaovsslca2018.crl
            X509v3 Subject Alternative Name:
                DNS:---
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Authority Key Identifier:
                keyid:F8:EF:7F:F2:CD:78:67:A8:DE:6F:8F:24:8D:88:F1:87:03:02:B3:EB
            X509v3 Subject Key Identifier:
                ---
            1.3.6.1.4.1.11129.2.4.2: ---
    Signature Algorithm: sha256WithRSAEncryption

For the working server,

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ---
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018
        Validity
            Not Before: Aug 7 16:46:05 2019 GMT
            Not After : Oct 13 14:46:02 2021 GMT
        Subject: C=CA, ST=Alberta, L=---
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            Authority Information Access:
                CA Issuers - URI:http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
                OCSP - URI:http://ocsp.globalsign.com/gsrsaovsslca2018
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.4146.1.20
                  CPS: https://www.globalsign.com/repository/
                Policy: 2.23.140.1.2.2
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.globalsign.com/gsrsaovsslca2018.crl
            X509v3 Subject Alternative Name:
                DNS:---
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Authority Key Identifier:
                keyid:F8:EF:7F:F2:CD:78:67:A8:DE:6F:8F:24:8D:88:F1:87:03:02:B3:EB
            X509v3 Subject Key Identifier:
                ---
            1.3.6.1.4.1.11129.2.4.2: ---
    Signature Algorithm: sha256WithRSAEncryption
Thanks!
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
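
Added example, not part of the original post: the dissection in the message above labels cipher suites 0x1301/0x1302 and extensions 43, 45, 50 and 51 "Unknown"; these code points are assigned in RFC 8446 (TLS 1.3). The Python below walks a ClientHello record and names them, including the versions listed in supported_versions. The names parse_client_hello and build_sample_hello are illustrative, and the sample hello is constructed, not taken from the capture.

```python
# Code-point names follow the IANA TLS registries (RFC 8446 for the TLS 1.3 ones).
SUITES = {0x1301: "TLS_AES_128_GCM_SHA256", 0x1302: "TLS_AES_256_GCM_SHA384"}
EXTS = {0: "server_name", 5: "status_request", 10: "supported_groups",
        11: "ec_point_formats", 13: "signature_algorithms", 17: "status_request_v2",
        23: "extended_master_secret", 43: "supported_versions", 45: "psk_key_exchange_modes",
        50: "signature_algorithms_cert", 51: "key_share", 0xff01: "renegotiation_info"}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

class Reader:
    """Bounds-checked cursor over TLS length-prefixed structures."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk
    def uint(self, n):
        return int.from_bytes(self.take(n), "big")
    def vec(self, n):
        return self.take(self.uint(n))  # n-byte length, then that many bytes

def u16_list(raw):
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]

def parse_client_hello(record):
    rec = Reader(record)
    if rec.uint(1) != 22:
        raise ValueError("not a handshake record")
    rec.uint(2)                                   # record-layer version
    hs = Reader(rec.vec(2))
    if hs.uint(1) != 1:
        raise ValueError("not a ClientHello")
    hello = Reader(hs.vec(3))
    info = {"legacy_version": VERSIONS.get(hello.uint(2), "unknown")}
    hello.take(32)                                # random
    hello.vec(1)                                  # session id
    info["suites"] = [SUITES.get(s, f"0x{s:04x}") for s in u16_list(hello.vec(2))]
    hello.vec(1)                                  # compression methods
    exts = Reader(hello.vec(2))
    info["extensions"], info["offered_versions"] = [], []
    while exts.pos < len(exts.data):
        etype, body = exts.uint(2), Reader(exts.vec(2))
        info["extensions"].append(EXTS.get(etype, f"unknown_{etype}"))
        if etype == 43:                           # supported_versions
            info["offered_versions"] = [VERSIONS.get(v, hex(v)) for v in u16_list(body.vec(1))]
    return info

def build_sample_hello():
    """Constructed ClientHello; not the bytes from the capture in the post."""
    vec = lambda n, p: len(p).to_bytes(n, "big") + p
    ext = lambda t, p: t.to_bytes(2, "big") + vec(2, p)
    exts = (ext(13, vec(2, bytes.fromhex("040105010601")))
            + ext(43, vec(1, bytes.fromhex("03040303")))
            + ext(45, vec(1, b"\x01")) + ext(51, vec(2, b"")))
    hello = (b"\x03\x03" + bytes(32) + vec(1, b"")
             + vec(2, bytes.fromhex("13011302c030009d"))
             + vec(1, b"\x00") + vec(2, exts))
    return b"\x16\x03\x03" + vec(2, b"\x01" + vec(3, hello))
```

The record and legacy version fields read TLS 1.2 even when supported_versions offers TLS 1.3, which is why a dissector that predates RFC 8446 reports the frame as "TLSv1.2 Client Hello".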