On Thu, 8 Jul 2021 at 06:13, Christopher Hawker email@chrishawker.com.au wrote:
If it doesn’t have a known issuer, it is more than likely a self-signed cert.
I put the site on a ssl checker and it seems that the certificates being offered are in the 'wrong order' . Using openssl
CONNECTED(00000003) depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA verify return:1 depth=0 OU = Domain Control Validated, OU = PositiveSSL Multi-Domain, CN = limestonenetworks.com verify return:1 --- Certificate chain 0 s:OU = Domain Control Validated, OU = PositiveSSL Multi-Domain, CN = limestonenetworks.com i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA 1 s:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root 2 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority 3 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root 4 s:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root 5 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority 6 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root subject=OU = Domain Control Validated, OU = PositiveSSL Multi-Domain, CN = limestonenetworks.com
issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA --- No client certificate CA names sent Peer signing digest: SHA512 Peer signature type: RSA Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 10479 bytes and written 439 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE
=====
SO I think that is why it works in a browser. wget worked on my hosts also .. so I am guessing that something on the original posters system is blocking.
Regards, Christopher Hawker
Sent from my iPhone
On 8 Jul 2021, at 8:12 pm, Jim Archon jimarchon72@gmail.com wrote:
Hello,
https://mirror.lstn.net/ is returning HTTPS certificate errors with wget. Are you getting the same errors with wget from this mirror? There seem to be no errors with wget with the other HTTPS mirrors.
Interestingly, Google Chrome is not showing any Certificate errors on https://mirror.lstn.net/.
wget https://mirror.lstn.net/centos/8.4.2105/isos/x86_64/CentOS-8.4.2105-x86_64-b... --2021-07-08 09:35:51-- https://mirror.lstn.net/centos/8.4.2105/isos/x86_64/CentOS-8.4.2105-x86_64-b... Resolving mirror.lstn.net (mirror.lstn.net)... 2607:ff68:1:4c::100, 64.31.0.51 Connecting to mirror.lstn.net (mirror.lstn.net)|2607:ff68:1:4c::100|:443... connected. ERROR: The certificate of ‘mirror.lstn.net’ is not trusted. ERROR: The certificate of ‘mirror.lstn.net’ doesn't have a known issuer. ERROR: The certificate of ‘mirror.lstn.net’ has expired. _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirror
CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirror