- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
- subject `C=US,ST=Massachusetts,L=Bedford,O=RSA Security LLC,OU=Verified by Visa,OU=Terms of use at www.verisign.com/rpa (c)05,CN=www.securesuite.co.uk', issuer `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)10,CN=VeriSign Class 3 International Server CA - G3', RSA key 2048 bits, signed using RSA-SHA1, activated `2011-08-22 00:00:00 UTC', expires `2017-08-20 23:59:59 UTC', SHA-1 fingerprint `771ef15fe1aae19c9c204a3bc59d14dea39bd85c'
- Certificate[2] info:
- subject `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)10,CN=VeriSign Class 3 International Server CA - G3', issuer `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,CN=VeriSign Class 3 Public Primary Certification Authority - G5', RSA key 2048 bits, signed using RSA-SHA1, activated `2010-02-08 00:00:00 UTC', expires `2020-02-07 23:59:59 UTC', SHA-1 fingerprint `b18d9d195669ba0f7829517566c25f422a277104'
Looks like the intermediate certificates are out of order, and gnutls doesn't like out of order certificates (cert #1 and cert #2 are inverted):
mdeslaur@mdlinux:~$ gnutls-cli --insecure --x509cafile /etc/ssl/ certs/ca- certificates. crt --print-cert -p 443 www.securesuite .co.uk e.co.uk' ... 172.27: 443'...
Processed 153 CA certificate(s).
Resolving 'www.securesuit
Connecting to '62.73.
*** Verifying server certificate failed...
- Ephemeral Diffie-Hellman parameters
- Using prime: 1024 bits
- Secret key: 1022 bits
- Peer's public key: 1024 bits
- PKCS#3 format:
-----BEGIN DH PARAMETERS----- au6Vsvv2NV4gRFc /E5p0Gxydj2S/ +3bqqc6CM7Uy1Y1 eZeSC6 5nX5DvC3CaD3u78 99ixFFkBd7OsS7F 1dIgTzr3+ 2rWicMULxV 7hxuDrxkUn0bFwO /KukaR5NRZ7L5Gu j/VIG47AgEC
MIGHAoGBAKUEMpw
5FQLN04IIfusxDi
T2RQE2y4wsvt1S4
-----END DH PARAMETERS-----
- Certificate type: X.509 Massachusetts, L=Bedford, O=RSA Security LLC,OU=Verified by Visa,OU=Terms of use at www.verisign. com/rpa (c)05,CN= www.securesuite .co.uk' , issuer `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=Terms of use at https:/ /www.verisign. com/rpa (c)10,CN=VeriSign Class 3 International Server CA - G3', RSA key 2048 bits, signed using RSA-SHA1, activated `2011-08-22 00:00:00 UTC', expires `2017-08-20 23:59:59 UTC', SHA-1 fingerprint `771ef15fe1aae1 9c9c204a3bc59d1 4dea39bd85c'
- Got a certificate list of 3 certificates.
- Certificate[0] info:
- subject `C=US,ST=
-----BEGIN CERTIFICATE----- BAgIQCvUKsRGxh1 WyX91o6vTZ/ TANBgkqhkiG9w0B AQUFADCB CVVMxFzAVBgNVBA oTDlZlcmlTaWduL CBJbmMuMR8wHQYD VQQL UcnVzdCBOZXR3b3 JrMTswOQYDVQQLE zJUZXJtcyBvZiB1 c2Ug 3d3cudmVyaXNpZ2 4uY29tL3JwYSAoY ykxMDE2MDQGA1UE AxMt hc3MgMyBJbnRlcm 5hdGlvbmFsIFNlc nZlciBDQSAtIEcz MB4X wMFoXDTE3MDgyMD IzNTk1OVowgcIxC zAJBgNVBAYTAlVT MRYw zYWNodXNldHRzMR AwDgYDVQQHFAdCZ WRmb3JkMRkwFwYD VQQK pdHkgTExDMRkwFw YDVQQLFBBWZXJpZ mllZCBieSBWaXNh MTMw tcyBvZiB1c2UgYX Qgd3d3LnZlcmlza WduLmNvbS9ycGEg KGMp UFXd3dy5zZWN1cm VzdWl0ZS5jby51a zCCASIwDQYJKoZI hvcN CAQoCggEBANhFyo vO7mVWLcoo0J+ QBnyBXOU7+ GnoFTn57LXe TxhqxXgYZvp5wPo TdIihfTznayRLTb 5Lwvy5WSAO2DxQ+ zAaG WU2slJOP74BnERb 0IF53DMOt78Ni2j RWjXYdAI185xzBL 1+EA XL3rGE1/ CHqBijUwUcrfO76 J6nBVOcg+ gKT8k7LXL7PQRC/ P8 dj8z6SrEPTuei5R KJs6a1eOVVyGfQ8 Lorr1JSFv2PRjRr yImZ 0g/kKFWkXBzIury 1Hm56mnjW+ y5tjmeMCAwEAAaO CAbMwggGv wCwYDVR0PBAQDAg WgMEQGA1UdIAQ9M DswOQYLYIZIAYb4 RQEH FBQcCARYcaHR0cH M6Ly93d3cudmVya XNpZ24uY29tL3Jw YTBB gNKAyhjBodHRwOi 8vU1ZSSW50bC1HM y1jcmwudmVyaXNp Z24u HMy5jcmwwKAYDVR 0lBCEwHwYIKwYBB QUHAwEGCCsGAQUF BwMC wcgYIKwYBBQUHAQ EEZjBkMCQGCCsGA QUFBzABhhhodHRw Oi8v nbi5jb20wPAYIKw YBBQUHMAKGMGh0d HA6Ly9TVlJJbnRs LUcz nbi5jb20vU1ZSSW 50bEczLmNlcjBuB ggrBgEFBQcBDARi MGCh pbWFnZS9naWYwIT AfMAcGBSsOAwIaB BRLa7kolgYMu9BS OJsp odHRwOi8vbG9nby 52ZXJpc2lnbi5jb 20vdnNsb2dvMS5n aWYw FBQADggEBAIEUiW LnO3qU+ OjC4d9u4QMfB9J3 0DB1vhGAwCjt 2z0nTb/ RgkVdfVso2GGXzi PgdxN6tj3ep6kkc YVqPCAyHqHqY jpSgI19yIVXeTbU yHqquDMqw1MjIXe Tw117bCiE47iXa5 6R1v dAOjGxojwDocAUw PrN53EgNbxI+ k8DsUIEKoScwJQ0 I5Fi1TN nScBrazFFdYifxx 7LD0b3DJaOHwWjw RDVrcSAvRYMsF7X 52ii 7PTLYhTi77aYz8X saAlqiwnSjCvftO myOoNdWvlM=
MIIFvzCCBKegAwI
vDELMAkGA1UEBhM
ExZWZXJpU2lnbiB
YXQgaHR0cHM6Ly9
VmVyaVNpZ24gQ2x
DTExMDgyMjAwMDA
FAYDVQQIEw1NYXN
FBBSU0EgU2VjdXJ
MQYDVQQLFCpUZXJ
MDUxHjAcBgNVBAM
AQEBBQADggEPADC
dszbyfgkiFNFs88
wGdHAft0MZ4vntz
yGG5qqO3k6BmIHL
9rUHMngASpykUC7
BF/+tv0uTAI9f09
MAkGA1UdEwQCMAA
FwMwKjAoBggrBgE
BgNVHR8EOjA4MDa
Y29tL1NWUkludGx
BglghkgBhvhCBAE
b2NzcC52ZXJpc2l
LWFpYS52ZXJpc2l
XqBcMFowWDBWFgl
rEsHiyEFGDAmFiR
DQYJKoZIhvcNAQE
a6wRN62xKS3tAYr
LxJ2FPKTj61Kotg
Rh8Gi7WPENtlfqf
gZXTIpMcsIT2Ahh
rXJ8eN+
-----END CERTIFICATE-----
- Certificate[1] info: cf8856c63db873d f0853b4dd27'
- subject `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,CN=VeriSign Class 3 Public Primary Certification Authority - G5', issuer `C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority', RSA key 2048 bits, signed using RSA-SHA1, activated `2006-11-08 00:00:00 UTC', expires `2021-11-07 23:59:59 UTC', SHA-1 fingerprint `32f30882622b87
-----BEGIN CERTIFICATE----- BAgIQJQzo4DBhLp 8rifcFTXz4/ TANBgkqhkiG9w0B AQUFADBf VUzEXMBUGA1UECh MOVmVyaVNpZ24sI EluYy4xNzA1BgNV BAsT ibGljIFByaW1hcn kgQ2VydGlmaWNhd GlvbiBBdXRob3Jp dHkw wMDAwWhcNMjExMT A3MjM1OTU5WjCBy jELMAkGA1UEBhMC VVMx lcmlTaWduLCBJbm MuMR8wHQYDVQQLE xZWZXJpU2lnbiBU cnVz wOAYDVQQLEzEoYy kgMjAwNiBWZXJpU 2lnbiwgSW5jLiAt IEZv kIHVzZSBvbmx5MU UwQwYDVQQDEzxWZ XJpU2lnbiBDbGFz cyAz tYXJ5IENlcnRpZm ljYXRpb24gQXV0a G9yaXR5IC0gRzUw ggEi BAQUAA4IBDwAwgg EKAoIBAQCvJAgIK Xo1nmAMqudLO07c fLw8 KQL5VwijZIUVJ/ XxrcgxiV0i6Cqqp kKzj/i5Vbext0uz /o9+B1fs70Pb gw2IIPVQT60nKWV SFJuUrjxuf6/ WhkcIzSdhDY2pSS 9KP6HBR 023tdS1bTlr8Vd6 Gw9KIl8q8ckmcY5 fQGBO+QueQA5N06 tRn/ s3i+z016zy9vA9r 911kTMZHRxAy3Qk GSGT2RT+ rCpSx4/ VBEnkjWNH R70rfk/ Fla4OndTRQ8Bnc+ MUCH7lP59zuDMKz 10/NIeWiu5T6CUV AgMB PBgNVHRMBAf8EBT ADAQH/MDEGA1UdH wQqMCgwJqAkoCKG IGh0 yaXNpZ24uY29tL3 BjYTMuY3JsMA4GA 1UdDwEB/ wQEAwIBBjA9 GBFUdIAAwKjAoBg grBgEFBQcCARYca HR0cHM6Ly93d3cu dmVy wczAdBgNVHQ4EFg QUf9Nlp8Ld7LvwM AnzQzn6Aq8zMTMw bQYI foV2gWzBZMFcwVR YJaW1hZ2UvZ2lmM CEwHzAHBgUrDgMC GgQU AatRIGCx7GS4wJR YjaHR0cDovL2xvZ 28udmVyaXNpZ24u Y29t wNAYIKwYBBQUHAQ EEKDAmMCQGCCsGA QUFBzABhhhodHRw Oi8v nbi5jb20wPgYDVR 0lBDcwNQYIKwYBB QUHAwEGCCsGAQUF BwMC JYIZIAYb4QgQBBg pghkgBhvhFAQgBM A0GCSqGSIb3DQEB BQUA yWvj4IAxZiGIHzs 73Tvm7WaGY5eE43 U68ZhjTresY8g3J bT5K zEK0saz6r1we2uI FjxfleLuUqZ87NM wwq14lWAyMfs77o OghZ 9mz1Cvxm1XjRl4t 7mi0VfqH5pLr7rJ jhJ+xr3/
MIIE0DCCBDmgAwI
MQswCQYDVQQGEwJ
LkNsYXNzIDMgUHV
HhcNMDYxMTA4MDA
FzAVBgNVBAoTDlZ
dCBOZXR3b3JrMTo
ciBhdXRob3JpemV
IFB1YmxpYyBQcml
MA0GCSqGSIb3DQE
RRy7K+D+
ZmIVYc9gDaTY3vj
TdGJaXvHcPaz3BJ
Arr0PO7gi+
iDxpg8v+
AAGjggGbMIIBlzA
dHA6Ly9jcmwudmV
BgNVHSAENjA0MDI
aXNpZ24uY29tL2N
KwYBBQUHAQwEYTB
j+XTGoasjY5rw8+
L3ZzbG9nby5naWY
b2NzcC52ZXJpc2l
BggrBgEFBQcDAwY
A4GBABMC3fjohgD
lCDDPLq9ZVTGr0S
tOxFNfeKW/
-----END CERTIFICATE-----
- Certificate[2] info: /www.verisign. com/rpa (c)10,CN=VeriSign Class 3 International Server CA - G3', issuer `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,CN=VeriSign Class 3 Public Primary Certification Authority - G5', RSA key 2048 bits, signed using RSA-SHA1, activated `2010-02-08 00:00:00 UTC', expires `2020-02-07 23:59:59 UTC', SHA-1 fingerprint `b18d9d195669ba 0f7829517566c25 f422a277104'
- subject `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=Terms of use at https:/
-----BEGIN CERTIFICATE----- BAgIQZBvoIM4CCB PzLU0tldZ+ ZzANBgkqhkiG9w0 BAQUFADCB CVVMxFzAVBgNVBA oTDlZlcmlTaWduL CBJbmMuMR8wHQYD VQQL UcnVzdCBOZXR3b3 JrMTowOAYDVQQLE zEoYykgMjAwNiBW ZXJp tIEZvciBhdXRob3 JpemVkIHVzZSBvb mx5MUUwQwYDVQQD EzxW zcyAzIFB1YmxpYy BQcmltYXJ5IENlc nRpZmljYXRpb24g QXV0 wHhcNMTAwMjA4MD AwMDAwWhcNMjAwM jA3MjM1OTU5WjCB vDEL xFzAVBgNVBAoTDl ZlcmlTaWduLCBJb mMuMR8wHQYDVQQL ExZW zdCBOZXR3b3JrMT swOQYDVQQLEzJUZ XJtcyBvZiB1c2Ug YXQg udmVyaXNpZ24uY2 9tL3JwYSAoYykxM DE2MDQGA1UEAxMt VmVy gMyBJbnRlcm5hdG lvbmFsIFNlcnZlc iBDQSAtIEczMIIB IjAN FAAOCAQ8AMIIBCg KCAQEAmdacYvAV9 IGaQQhZjxOdF8mf Udza G4615HycQmLi7IJ fBKERBD+ qpqFLPTU4bi7u1x HbZzFYG7rNV NiQDk3P/ hwB9ocenHKS5+ vDv85burJlSLZpD N9pK5MSSAvJ5s kRLX/gYtS4w9D0S mNNiBXNUppyiHb5 SgzoHRsQ7AlYhv/ JRT9Cm iZucff5NYAclIPe 712mDK4KTQzfZg0 EbawurSmaET0qO3 n40mY5o1so5 hBMT7oE2sLktiEu P7TfbJUQABH/ weaoEqOOC5T9YtR QIDAQAB DVR0TAQH/ BAgwBgEB/ wIBADBwBgNVHSAE aTBnMGUGC2CGSAG G IKwYBBQUHAgEWHG h0dHBzOi8vd3d3L nZlcmlzaWduLmNv bS9j HAgIwHhocaHR0cH M6Ly93d3cudmVya XNpZ24uY29tL3Jw YTAO CAQYwbQYIKwYBBQ UHAQwEYTBfoV2gW zBZMFcwVRYJaW1h Z2Uv rDgMCGgQUj+ XTGoasjY5rw8+ AatRIGCx7GS4wJR YjaHR0cDov pZ24uY29tL3ZzbG 9nby5naWYwNAYDV R0lBC0wKwYIKwYB BQUH CBglghkgBhvhCBA EGCmCGSAGG+ EUBCAEwNAYIKwYB BQUHAQEE FBzABhhhodHRwOi 8vb2NzcC52ZXJpc 2lnbi5jb20wNAYD VR0f jaHR0cDovL2NybC 52ZXJpc2lnbi5jb 20vcGNhMy1nNS5j cmww dMBsxGTAXBgNVBA MTEFZlcmlTaWduT VBLSS0yLTcwHQYD VR0O 33a1fzimbWMO8Rg C1MB8GA1UdIwQYM BaAFH/TZafC3ey7 8DAJ GCSqGSIb3DQEBBQ UAA4IBAQBxtX1zU krd1000Ky6vlEal SVAC qwk98NzzURniuXX hv0bpavBCrWDbFj GIVRWAXIeLVQqh3 oVXY E0z6k1dYzmp8N5t dOlkSVWmzWoxZTD phDzqS4w2Z6BVxi EOgb 9/XaxvMisxx+ rNAVnwzeneUW/ ULU/sOX7xo+ 68q7jA3eRaTJX9N EP9X ZLUNkt6Zmh+ q8lkYZGoaLb9e3S QBb26O/ KZru99MzrqP0nkz K veasB+lXwiiFm5W Vu/XzT3x7rfj8Gk PsZC9MGAht4Q5mo
MIIGKTCCBRGgAwI
yjELMAkGA1UEBhM
ExZWZXJpU2lnbiB
U2lnbiwgSW5jLiA
ZXJpU2lnbiBDbGF
aG9yaXR5IC0gRzU
MAkGA1UEBhMCVVM
ZXJpU2lnbiBUcnV
aHR0cHM6Ly93d3c
aVNpZ24gQ2xhc3M
BgkqhkiG9w0BAQE
sVLv/+NB3eDfxCj
ICreFY1xy1TIbxf
1fx+0uFLjNxC+
mTnprqU/
BptMs5pITRNGtFg
o4ICFTCCAhEwEgY
+EUBBxcDMFYwKAY
cHMwKgYIKwYBBQU
BgNVHQ8BAf8EBAM
Z2lmMCEwHzAHBgU
L2xvZ28udmVyaXN
AwEGCCsGAQUFBwM
KDAmMCQGCCsGAQU
BC0wKzApoCegJYY
KAYDVR0RBCEwH6Q
BBYEFNebfNgioBX
80M5+gKvMzEzMA0
T/gvF3DyE9wfIYa
QwRR9m66SOZdTLd
Ett9LnZQ/
+79uOzMh3nnchhd
XmnUG623kHdq2Fl
-----END CERTIFICATE-----
- The hostname in the certificate matches 'www.securesuit e.co.uk' .
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed
- Simple Client Mode: