curl-users
RE: alert certificate expired
Date: Mon, 31 Oct 2011 18:16:55 -0400
On Mon, Oct 31, 2011 at 05:20:30PM -0400, Steven Shourds wrote:
> [Steve Shourds] yes, we have been looking for an expired certificate, but
> cannot find any expired certificates.
>
> So what command would I use with the -v option? And on what certificate?
> Thanks...
It's a curl option:
$ curl -I -v https://www.google.com
* About to connect() to www.google.com port 443 (#0)
* Trying 173.194.33.18... connected
* Connected to www.google.com (173.194.33.18) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
* subject: C=US; ST=California; L=Mountain View; O=Google Inc;
CN=www.google.com
* start date: 2009-12-18 00:00:00 GMT
* expire date: 2011-12-18 23:59:59 GMT
* common name: www.google.com (matched)
* issuer: C=ZA; O=Thawte Consulting (Pty) Ltd.; CN=Thawte SGC CA
* SSL certificate verify ok.
Expect to see a new Google certificate within the next 48 days.
>>> Dan
[Steve Shourds]
[Steve Shourds] Here is the output. I still don't get what the problem is?
C:\TECH\curl>curl -I -v https://omsjms.asp.dupont.com/Comergent/jmsorders
--insecure
* About to connect() to omsjms.asp.dupont.com port 443 (#0)
* Trying 52.124.17.140... connected
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: serialNumber=Gj5XnCfnoH6SzZfJXkP4vACh3vr23qrm; C=US;
O=omsjms.
asp.dupont.com; OU=GT23791432; OU=See www.geotrust.com/resources/cps (c)10;
OU=D
omain Control Validated - QuickSSL(R) Premium; CN=omsjms.asp.dupont.com
* start date: 2010-09-13 18:23:54 GMT
* expire date: 2011-11-15 22:33:27 GMT
* subjectAltName: omsjms.asp.dupont.com matched
* issuer: C=US; O=GeoTrust Inc.; OU=Domain Validated SSL; CN=GeoTrust
DV
SSL CA
* SSL certificate verify result: unable to get local issuer
certificate (
20), continuing anyway.
> HEAD /Comergent/jmsorders HTTP/1.1
> User-Agent: curl/7.22.0 (i386-pc-win32) libcurl/7.22.0 OpenSSL/0.9.8r
zlib/1.2
.5
> Host: omsjms.asp.dupont.com
> Accept: */*
>
< HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
< Date: Mon, 31 Oct 2011 22:09:42 GMT
Date: Mon, 31 Oct 2011 22:09:42 GMT
< Server: Apache
Server: Apache
< Content-Type: text/html; charset=iso-8859-1
Content-Type: text/html; charset=iso-8859-1
* no chunk, no close, no size. Assume close to signal end
<
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-10-31