Pastebin PRO Accounts SUMMER SPECIAL! For a limited time only get 40% discount on a LIFETIME PRO account! Offer Ends Soon!
SHARE
TWEET
Untitled
a guest
May 9th, 2016
100
Never
- The system log:-
- system.log:May 9 10:45:05 odserver-1 certupdate_web[12598]: "replace" the cert "/etc/certificates/*.ahc.uk.com.062E3FF1EDB22BF6987437D534C6BC573D518D62.cert.pem" with "/etc/certificates/*.ahc.uk.com.144A774F81B217DB88BCEF254AFAA2843701EBD9.cert.pem"
- system.log:May 9 10:45:06 odserver-1 SetProxyCert.py[12604]: serviceproxy[replaceAllDefaultCerts certificate = /etc/certificates/*.ahc.uk.com.144A774F81B217DB88BCEF254AFAA2843701EBD9 getCertPathList =0]
- system.log:May 9 10:45:14 odserver-1 certupdate_web[12598]: Web Config updated with replacement cert
- system.log:May 9 10:45:14 odserver-1 SetProxyCert.py[12642]: serviceproxy[replaceAllDefaultCerts certificate = /etc/certificates/*.ahc.uk.com.144A774F81B217DB88BCEF254AFAA2843701EBD9 getCertPathList =0]
- system.log:May 9 10:45:14 odserver-1 certupdate_web[12598]: Proxy Config updated with replacement cert
- system.log:May 9 10:45:15 odserver-1 mail_cert_handler[12645]: command: "replace" certificate: /etc/certificates/*.ahc.uk.com.062E3FF1EDB22BF6987437D534C6BC573D518D62.cert.pem with: /etc/certificates/*.ahc.uk.com.144A774F81B217DB88BCEF254AFAA2843701EBD9.cert.pem
- system.log:May 9 10:45:15 odserver-1 radius_cert_update.pl[12668]: Received "replace /etc/certificates/*.ahc.uk.com.062E3FF1EDB22BF6987437D534C6BC573D518D62.cert.pem /etc/certificates/*.ahc.uk.com.144A774F81B217DB88BCEF254AFAA2843701EBD9.cert.pem" command.
- system.log:May 9 10:45:15 odserver-1 radius_cert_update.pl[12668]: RADIUS is not configured with /etc/certificates/*.ahc.uk.com.062E3FF1EDB22BF6987437D534C6BC573D518D62.cert.pem, nothing to replace.
- system.log:May 9 10:45:16 odserver-1 ServerEventAgent[6355]: CertsKeychainMonitor: removing exported files for replaced certificate '/etc/certificates/*.ahc.uk.com.062E3FF1EDB22BF6987437D534C6BC573D518D62.cert.pem'
- From ASL logs
- serviceproxy[replaceAllDefaultCerts certificate = /etc/certificates/*.ahc.uk.com.062E3FF1EDB22BF6987437D534C6BC573D518D62 getCertPathList =0]
- May 9 10:45:06 odserver-1 SetProxyCert.py[12604] <Critical>: serviceproxy[replaceAllDefaultCerts certificate = /etc/certificates/*.ahc.uk.com.144A774F81B217DB88BCEF254AFAA2843701EBD9 getCertPathList =0]
- May 9 10:45:14 odserver-1 SetProxyCert.py[12642] <Critical>: serviceproxy[replaceAllDefaultCerts certificate = /etc/certificates/*.ahc.uk.com.144A774F81B217DB88BCEF254AFAA2843701EBD9 getCertPathList =0]
- May 9 10:45:15 odserver-1 mail_cert_handler[12645] <Notice>: command: "replace" certificate: /etc/certificates/*.ahc.uk.com.062E3FF1EDB22BF6987437D534C6BC573D518D62.cert.pem with: /etc/certificates/*.ahc.uk.com.144A774F81B217DB88BCEF254AFAA2843701EBD9.cert.pem
- May 9 10:45:15 odserver-1 radius_cert_update.pl[12668] <Notice>: Received "replace /etc/certificates/*.ahc.uk.com.062E3FF1EDB22BF6987437D534C6BC573D518D62.cert.pem /etc/certificates/*.ahc.uk.com.144A774F81B217DB88BCEF254AFAA2843701EBD9.cert.pem" command.
- May 9 10:45:15 odserver-1 radius_cert_update.pl[12668] <Notice>: RADIUS is not configured with /etc/certificates/*.ahc.uk.com.062E3FF1EDB22BF6987437D534C6BC573D518D62.cert.pem, nothing to replace.
- From Profile Manager Logs
- [8838] [2016/05/09 10:15:28.736] I: Completed in 111ms (View: 0, DB: 10) | 200 OK [https://odserver-1.ahc.uk.com/magic/do_magic]
- [12545] [2016/05/09 10:44:57.069] -[SULogFileCollection setGlobalLogLevelPrefix:]: YES
- 0:: [12545] [2016/05/09 10:44:57.087]
- ############################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
- ruby-889.8 (PID:12545, OS:15C50, SERVER:15S4033, ARCH:x86_64) starting
- LA: ruby replace /etc/certificates/*.ahc.uk.com.062E3FF1EDB22BF6987437D534C6BC573D518D62.cert.pem c3N1aQAAACCHGRyjD8kR1ISaAAUCtSEiAAAAAAAAAAAAAAAAAAAABmRibm0AAAAjL0xpYnJhcnkvS2V5Y2hhaW5zL1N5c3RlbS5rZXljaGFpbgBpdGVtAAAAZ4AAEAAAAAAEAQAAAAAAAEMwQTELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUdBTkRJIFNBUzEeMBwGA1UEAxMVR0FOREkgU1RBTkRBUkQgU1NMIENBAAAAED71sKZaKhPV/Dw2dsRKdKE= /etc/certificates/*.ahc.uk.com.144A774F81B217DB88BCEF254AFAA2843701EBD9.cert.pem c3N1aQAAACCHGRyjD8kR1ISaAAUCtSEiAAAAAAAAAAAAAAAAAAAABmRibm0AAAAjL0xpYnJhcnkvS2V5Y2hhaW5zL1N5c3RlbS5rZXljaGFpbgBpdGVtAAAAW4AAEAAAAAAEAQAAAAAAAEMwQTELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUdBTkRJIFNBUzEeMBwGA1UEAxMVR0FOREkgU1RBTkRBUkQgU1NMIENBAAAABDuyn+s=
- Log verbosity level = 1
- UID = 0, EUID = 0
- ############################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
- 0:: [12545] [2016/05/09 10:44:57.087] -[SULogFileCollection setGlobalLogLevelPrefix:]: NO
- (END)
- New cert that breaks everything:-
- epth=0 OU = Domain Control Validated, OU = Gandi Standard Wildcard SSL, CN = *.ahc.uk.com
- verify error:num=20:unable to get local issuer certificate
- verify return:1
- depth=0 OU = Domain Control Validated, OU = Gandi Standard Wildcard SSL, CN = *.ahc.uk.com
- verify error:num=21:unable to verify the first certificate
- verify return:1
- ---
- Certificate chain
- 0 s:/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.ahc.uk.com
- i:/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
- 1 s:/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.ahc.uk.com
- i:/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
- ---
- Server certificate
- -----BEGIN CERTIFICATE-----
- MIIE0jCCA7qgAwIBAgIDCP0pMA0GCSqGSIb3DQEBBQUAMEExCzAJBgNVBAYTAkZS
- MRIwEAYDVQQKEwlHQU5ESSBTQVMxHjAcBgNVBAMTFUdhbmRpIFN0YW5kYXJkIFNT
- TCBDQTAeFw0xNjA1MDkxMzQ3MTFaFw0xODA1MTExMzQ3MTBaMGAxITAfBgNVBAsT
- GERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEkMCIGA1UECxMbR2FuZGkgU3RhbmRh
- cmQgV2lsZGNhcmQgU1NMMRUwEwYDVQQDFAwqLmFoYy51ay5jb20wggEiMA0GCSqG
- SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA+Z18e+W6pT9VHdBt1JSqhudr54uCXa+K
- vBqBBnZ1rPSJboqHn882oXe+nqgwFRbDqlLaocLuERTZ4OJaauP+adKtlzdON3XJ
- R2c1MIOwF7Y8bwW384LmRYcnOxc1iAyd+DpiaLkQyjKRvkPiOReZlfp+pCuk9XU5
- NXzh3tRMeGaYh5HhhgkjcLui8+5xAFN6FevJfFrQCclXJa/+IXBYffS+d0viSc9L
- itDoz3tV2V+Vy/G8m+kJWEILkAhpentyrLCxHdkm99w09FiErYsDvuOjq18TGHI8
- H0P4Q7Msx5t9yYy53V30hnjnhRFCjIoBgzqbFTkH58CRv7sK1Gr1AgMBAAGjggGy
- MIIBrjAfBgNVHSMEGDAWgBS2qP+iqC/Qps1LsWjz51AQMad5ITAdBgNVHQ4EFgQU
- YWxJuAHPEzGeNcYL2YIpf1sd1eEwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQC
- MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGAGA1UdIARZMFcwSwYL
- KwYBBAGyMQECAhowPDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5nYW5kaS5uZXQv
- Y29udHJhY3RzL2ZyL3NzbC9jcHMvcGRmLzAIBgZngQwBAgEwPAYDVR0fBDUwMzAx
- oC+gLYYraHR0cDovL2NybC5nYW5kaS5uZXQvR2FuZGlTdGFuZGFyZFNTTENBLmNy
- bDBqBggrBgEFBQcBAQReMFwwNwYIKwYBBQUHMAKGK2h0dHA6Ly9jcnQuZ2FuZGku
- bmV0L0dhbmRpU3RhbmRhcmRTU0xDQS5jcnQwIQYIKwYBBQUHMAGGFWh0dHA6Ly9v
- Y3NwLmdhbmRpLm5ldDAjBgNVHREEHDAaggwqLmFoYy51ay5jb22CCmFoYy51ay5j
- b20wDQYJKoZIhvcNAQEFBQADggEBAANwJw16pOplm/K+3io0toUBZSAkEf5fdA9E
- eiiVvlw0/bFSaabHWMSleMnaO0VD6BUqJ9pjj6BHYaZ6+R39x9BJYZw3mdfbV2Jb
- /mAlQnYfcaTeDoJqV3eaCoi+TBedNR+ruQecB+9MUiAsixGo0XGCycrpLDZl2PJU
- NkGPQ+LwF73OeiNt6otfo+cCbd8omrquGZ/C7CCay93UrO8g8hyjw4gpC87xjh4l
- ceei9KMjNowy0pa+pVPirhAs4vc/6rRuJH+dv+GAR8U0uqJvG6J8tYuq4ctzjV0U
- lWqxlkDPJZPPaRQtiopbGZRP8pLNVNgfde3Kvtf0vfhnx80EAFM=
- -----END CERTIFICATE-----
- subject=/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.ahc.uk.com
- issuer=/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
- ---
- No client certificate CA names sent
- Server Temp Key: DH, 2048 bits
- ---
- SSL handshake has read 3613 bytes and written 631 bytes
- ---
- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
- Server public key is 2048 bit
- Secure Renegotiation IS supported
- Compression: NONE
- Expansion: NONE
- No ALPN negotiated
- SSL-Session:
- Protocol : TLSv1
- Cipher : DHE-RSA-AES256-SHA
- Session-ID: 94989CC037DDB2A694347CCB8EC91E26411AAF3618EA1EECBFA3131C262A2EFA
- Session-ID-ctx:
- Master-Key: 96CE5776E6AA5FF39B5773BE00E054F90D6D444540907E12B90BF2E618CD8067A83FA87FD7EEB8F3D4D35EA56FA73A40
- Key-Arg : None
- PSK identity: None
- PSK identity hint: None
- SRP username: None
- TLS session ticket:
- 0000 - e3 a2 65 ce 6a 48 9f 2c-b9 3a b6 76 31 5b f7 a3 ..e.jH.,.:.v1[..
- 0010 - 78 e7 a6 9f ce e1 a8 9e-0b 2a 7f 6e 89 22 78 84 x........*.n."x.
- 0020 - 88 86 05 96 ff d1 74 39-68 34 1b 66 1f c3 64 0c ......t9h4.f..d.
- 0030 - fc 63 a6 2a a1 1a 48 b5-b8 84 a5 28 86 e0 a2 ad .c.*..H....(....
- 0040 - 63 73 6a ba ad e1 7a 90-86 44 5b 54 86 7c a1 9c csj...z..D[T.|..
- 0050 - 9e 1b 08 1d b0 78 a7 77-b5 6f a9 5b 96 c8 3c 3d .....x.w.o.[..<=
- 0060 - 5d ef f7 e8 29 a6 d7 63-7a ae 36 3a 40 01 26 a1 ]...)..cz.6:@.&.
- 0070 - 5b 6a 11 4b 63 f8 ba d4-d0 ef bb d8 dc 48 1d ec [j.Kc........H..
- 0080 - 1b 08 7a f7 eb ab f1 42-81 a0 6f 22 8c 75 a5 ae ..z....B..o".u..
- 0090 - 71 9e ea f4 e7 b7 88 02-9c 0c 8c c4 54 1f 1a b8 q...........T...
- 00a0 - 08 e7 6b fb 85 1e 61 d9-ec 6e a8 a4 bf 7f 26 d4 ..k...a..n....&.
- 00b0 - a5 fc f8 db a5 79 36 92-d4 c1 ab f6 ee c9 5d 70 .....y6.......]p
- Start Time: 1462801984
- Timeout : 300 (sec)
- Verify return code: 21 (unable to verify the first certificate)
- Here is what its SUPPOSED to look like.
- depth=2 C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Hardware
- verify return:1
- depth=1 C = FR, O = GANDI SAS, CN = Gandi Standard SSL CA
- verify return:1
- depth=0 OU = Domain Control Validated, OU = Gandi Standard Wildcard SSL, CN = *.ahc.uk.com
- verify return:1
- ---
- Certificate chain
- 0 s:/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.ahc.uk.com
- i:/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
- 1 s:/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
- i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
- ---
- Server certificate
- -----BEGIN CERTIFICATE-----
- MIIE3zCCA8egAwIBAgIQPvWwploqE9X8PDZ2xEp0oTANBgkqhkiG9w0BAQUFADBB
- MQswCQYDVQQGEwJGUjESMBAGA1UEChMJR0FOREkgU0FTMR4wHAYDVQQDExVHYW5k
- aSBTdGFuZGFyZCBTU0wgQ0EwHhcNMTQwNzE3MDAwMDAwWhcNMTYwNzE3MjM1OTU5
- WjBgMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxJDAiBgNVBAsT
- G0dhbmRpIFN0YW5kYXJkIFdpbGRjYXJkIFNTTDEVMBMGA1UEAxQMKi5haGMudWsu
- Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPmdfHvluqU/VR3Q
- bdSUqobna+eLgl2virwagQZ2daz0iW6Kh5/PNqF3vp6oMBUWw6pS2qHC7hEU2eDi
- Wmrj/mnSrZc3Tjd1yUdnNTCDsBe2PG8Ft/OC5kWHJzsXNYgMnfg6Ymi5EMoykb5D
- 4jkXmZX6fqQrpPV1OTV84d7UTHhmmIeR4YYJI3C7ovPucQBTehXryXxa0AnJVyWv
- /iFwWH30vndL4knPS4rQ6M97VdlflcvxvJvpCVhCC5AIaXp7cqywsR3ZJvfcNPRY
- hK2LA77jo6tfExhyPB9D+EOzLMebfcmMud1d9IZ454URQoyKAYM6mxU5B+fAkb+7
- CtRq9QIDAQABo4IBsjCCAa4wHwYDVR0jBBgwFoAUtqj/oqgv0KbNS7Fo8+dQEDGn
- eSEwHQYDVR0OBBYEFGFsSbgBzxMxnjXGC9mCKX9bHdXhMA4GA1UdDwEB/wQEAwIF
- oDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBg
- BgNVHSAEWTBXMEsGCysGAQQBsjEBAgIaMDwwOgYIKwYBBQUHAgEWLmh0dHA6Ly93
- d3cuZ2FuZGkubmV0L2NvbnRyYWN0cy9mci9zc2wvY3BzL3BkZi8wCAYGZ4EMAQIB
- MDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuZ2FuZGkubmV0L0dhbmRpU3Rh
- bmRhcmRTU0xDQS5jcmwwagYIKwYBBQUHAQEEXjBcMDcGCCsGAQUFBzAChitodHRw
- Oi8vY3J0LmdhbmRpLm5ldC9HYW5kaVN0YW5kYXJkU1NMQ0EuY3J0MCEGCCsGAQUF
- BzABhhVodHRwOi8vb2NzcC5nYW5kaS5uZXQwIwYDVR0RBBwwGoIMKi5haGMudWsu
- Y29tggphaGMudWsuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQBXpvBvGyRHE9aDTGvu
- QCBGCPG3MKJmBA2z24mHKRBAvuZSSz+21wNjrS2LNmYqw4R1YewG6kdIJMt2e7L0
- Xbo53PjJyPZAYCx1CRighcmhgxuhe55LZfCy/Gn+S2gJvjf0tS6nvWKikHHzyJB3
- /Fy2cmpM9iNXE8f0F2xnXZBo99EH1PkSYwePMx1hkBdanHmjbdmyRfKU8+JFcta6
- NCpwXWH+KSDNf9aEnd7YXcH+iOi/W6hpyOCKr+ybKd4Lb7OBRow0GFmI3m7oSB1x
- dSZnDi5yyDPT8wDTDv6peQTBo9jiGKQISXNHGkwNBDeqnxc1Pb/OHGTyOMVHmvz5
- NdTQ
- -----END CERTIFICATE-----
- subject=/OU=Domain Control Validated/OU=Gandi Standard Wildcard SSL/CN=*.ahc.uk.com
- issuer=/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA
- ---
- No client certificate CA names sent
- Peer signing digest: SHA512
- Server Temp Key: ECDH, P-256, 256 bits
- ---
- SSL handshake has read 3104 bytes and written 431 bytes
- ---
- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
- Server public key is 2048 bit
- Secure Renegotiation IS supported
- Compression: NONE
- Expansion: NONE
- No ALPN negotiated
- SSL-Session:
- Protocol : TLSv1.2
- Cipher : ECDHE-RSA-AES256-GCM-SHA384
- Session-ID: 047C77B16710B58172EC4A66380740B3E746632F20E74E7BD66D2F90DD01C372
- Session-ID-ctx:
- Master-Key: 90F55EC7FEA36B1AE637220B9F355B834144FFEE23629B883F47072A3F6E3AC47FFC0EA7DF9E8AE47386B6EABA6149DF
- Key-Arg : None
- PSK identity: None
- PSK identity hint: None
- SRP username: None
- TLS session ticket lifetime hint: 300 (seconds)
- TLS session ticket:
- 0000 - b3 08 b4 41 ab a4 35 b5-15 c9 91 74 34 d7 46 92 ...A..5....t4.F.
- 0010 - 7a 2c b4 14 b1 25 e3 1d-85 5c e8 11 da e7 5b 3c z,...%...\....[<
- 0020 - f3 49 f0 37 52 ec 84 9f-55 69 2f 60 fb 87 12 e2 .I.7R...Ui/`....
- 0030 - 28 6e 7a 32 97 e8 7c 11-b9 34 21 ef 8c 26 23 f1 (nz2..|..4!..&#.
- 0040 - 7c 45 38 75 07 73 ad 4e-a0 7d 88 dd 65 eb 2f 85 |E8u.s.N.}..e./.
- 0050 - 1d 3b c3 80 da 4d 1f 6e-d5 f9 7c 7a f6 17 f4 eb .;...M.n..|z....
- 0060 - 98 f8 47 7a 62 ec 3a a8-e6 b0 b4 a5 6c 58 86 fd ..Gzb.:.....lX..
- 0070 - 8c 08 9d 3c 7a 88 2b 34-50 a0 95 bd bf 5e 35 b2 ...<z.+4P....^5.
- 0080 - 71 07 a4 c0 47 34 55 1e-cf 26 ad df 18 5f 80 c8 q...G4U..&..._..
- 0090 - 75 e9 38 5a 40 cd c9 9a-19 3a f4 98 f4 62 81 7f u.8Z@....:...b..
- Start Time: 1462802843
- Timeout : 300 (sec)
- Verify return code: 0 (ok)
- ---
RAW Paste Data
