[Freeipa-users] OT: https://www.freeipa.org missing intermediate certificate

Natxo Asenjo natxo.asenjo at gmail.com
Fri Jul 31 08:10:12 UTC 2015 

Hi,


Maybe just one more redirect if people come directly to https://freeipa.org?



$ curl -LIv https://freeipa.org
* Rebuilt URL to: https://freeipa.org/
* Hostname was NOT found in DNS cache
*   Trying 209.132.183.105...
* Connected to freeipa.org (209.132.183.105) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*     subject: CN=*.redhat.com,OU=Web Operations,O=Red Hat
Inc,L=Raleigh,ST=North
Carolina,C=US,serialNumber=dmox-zPOCChZGgYyWu9xg8JTHSbjFg9P
*     start date: Sep 09 18:07:24 2013 GMT
*     expire date: Dec 12 02:08:43 2015 GMT
*     common name: *.redhat.com
*     issuer: CN=GeoTrust SSL CA,O="GeoTrust, Inc.",C=US
* NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
* Unable to communicate securely with peer: requested domain name does not
match the server's certificate.
* Closing connection 0
curl: (51) Unable to communicate securely with peer: requested domain name
does not match the server's certificate.


$ curl -LIv https://www.freeipa.org
* Rebuilt URL to: https://www.freeipa.org/
* Hostname was NOT found in DNS cache
*   Trying 54.227.25.77...
* Connected to www.freeipa.org (54.227.25.77) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* Server certificate:
*     subject: CN=www.freeipa.org,O=Red Hat Inc.,L=Raleigh,ST=North
Carolina,C=US
*     start date: Jul 16 00:00:00 2014 GMT
*     expire date: Jul 19 12:00:00 2016 GMT
*     common name: www.freeipa.org
*     issuer: CN=DigiCert SHA2 High Assurance Server
CA,OU=www.digicert.com,O=DigiCert
Inc,C=US
> HEAD / HTTP/1.1
> User-Agent: curl/7.37.0
> Host: www.freeipa.org
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< Date: Fri, 31 Jul 2015 08:09:29 GMT
Date: Fri, 31 Jul 2015 08:09:29 GMT
* Server Apache/2.2.15 (Red Hat) is not blacklisted
< Server: Apache/2.2.15 (Red Hat)
Server: Apache/2.2.15 (Red Hat)
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< Vary: Accept-Encoding,Cookie
Vary: Accept-Encoding,Cookie
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Cache-Control: private, must-revalidate, max-age=0
Cache-Control: private, must-revalidate, max-age=0
< Last-Modified: Fri, 31 Jul 2015 08:09:29 GMT
Last-Modified: Fri, 31 Jul 2015 08:09:29 GMT
< Location: https://www.freeipa.org/page/Main_Page
Location: https://www.freeipa.org/page/Main_Page
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8

<
* Connection #0 to host www.freeipa.org left intact
* Issue another request to this URL: 'https://www.freeipa.org/page/Main_Page
'
* Found bundle for host www.freeipa.org: 0x1e1d850
* Re-using existing connection! (#0) with host www.freeipa.org
* Connected to www.freeipa.org (54.227.25.77) port 443 (#0)
> HEAD /page/Main_Page HTTP/1.1
> User-Agent: curl/7.37.0
> Host: www.freeipa.org
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Fri, 31 Jul 2015 08:09:29 GMT
Date: Fri, 31 Jul 2015 08:09:29 GMT
* Server Apache/2.2.15 (Red Hat) is not blacklisted
< Server: Apache/2.2.15 (Red Hat)
Server: Apache/2.2.15 (Red Hat)
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< Content-language: en
Content-language: en
< X-UA-Compatible: IE=Edge
X-UA-Compatible: IE=Edge
< Vary: Accept-Encoding,Cookie
Vary: Accept-Encoding,Cookie
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Cache-Control: private, must-revalidate, max-age=0
Cache-Control: private, must-revalidate, max-age=0
< Last-Modified: Thu, 16 Jul 2015 13:22:10 GMT
Last-Modified: Thu, 16 Jul 2015 13:22:10 GMT
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8

<
* Connection #0 to host www.freeipa.org left intact


Thanks!


---

regards,

natxo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150731/4bea2135/attachment.htm>

More information about the Freeipa-users mailing list