  1. server {
  2. listen 443;
  3. server_name app-ca.test.com;
  4. ssl on;
  5.  
  6. ssl_certificate /root/ca/intermediate/certs/app-plus-intermediate.pem;
  7. ssl_certificate_key /root/ca/intermediate/private/app-ca-interm-ca.test.com.key.pem;
  8. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  9. ssl_ciphers HIGH:!aNULL:!MD5;
  10. ssl_prefer_server_ciphers on;
  11.  
  12. # I have also tried adding the Intermediate CA cert in vain
  13. # ssl_client_certificate /root/client_rootca_intermediate.crt;
  14. ssl_client_certificate /root/client_rootca.crt;
  15. ssl_verify_client on;
  16.  
  17. location / {
  18. root /usr/share/nginx/massl;
  19. index index.html index.htm;
  20. }
  21. }
  22.  
  23. <html>
  24. <head><title>400 The SSL certificate error</title></head>
  25. <body bgcolor="white">
  26. <center><h1>400 Bad Request</h1></center>
  27. <center>The SSL certificate error</center>
  28. <hr><center>nginx/1.13.5</center>
  29. </body>
  30. </html>
  31.  
  32. $ openssl s_client -connect app-ca.test.com:443 -tls1 -key /root/ca/intermediate/private/client.key.pem -cert /root/ca/intermediate/certs/client.cert.pem -CAfile /root/server_rootca.crt -state -debug
  33. CONNECTED(00000003)
  34. SSL_connect:before/connect initialization
  35. write to 0x2239a90 [0x226e3c3] (181 bytes => 181 (0xB5))
  36. 0000 - 16 03 01 00 b0 01 00 00-ac 03 01 16 ed fa 81 3e ...............>
  37. 0010 - fc 25 c1 55 73 8a ca 5f-d3 56 11 a6 0f 38 6e 3c .%.Us.._.V...8n<
  38. 0020 - 52 fb 1f 9b fb 4f 4f 3e-5a fb 82 00 00 64 c0 14 R....OO>Z....d..
  39. 0090 - 00 ff 01 00 00 1f 00 0b-00 04 03 00 01 02 00 0a ................
  40. 00a0 - 00 0a 00 08 00 17 00 19-00 18 00 16 00 23 00 00 .............#..
  41. 00b0 - 00 0f 00 01 01 .....
  42. SSL_connect:SSLv3 write client hello A
  43. read from 0x2239a90 [0x2269e73] (5 bytes => 5 (0x5))
  44. 0000 - 16 03 01 00 42 ....B
  45. read from 0x2239a90 [0x2269e78] (66 bytes => 66 (0x42))
  46. 0000 - 02 00 00 3e 03 01 6f e5-89 1d bd 5a 58 26 d7 11 ...>..o....ZX&..
  47. 0010 - 8a 05 fd 2a 04 96 58 2e-2e 19 a7 89 46 a0 5b 21 ...*..X.....F.[!
  48. 0020 - c3 90 1c 3e 0b e6 00 c0-14 00 00 16 ff 01 00 01 ...>............
  49. 0030 - 00 00 0b 00 04 03 00 01-02 00 23 00 00 00 0f 00 ..........#.....
  50. 0040 - 01 01 ..
  51. SSL_connect:SSLv3 read server hello A
  52. read from 0x2239a90 [0x2269e73] (5 bytes => 5 (0x5))
  53. 0000 - 16 03 01 0c ab .....
  54. read from 0x2239a90 [0x2269e78] (3243 bytes => 3243 (0xCAB))
  55. 0000 - 0b 00 0c a7 00 0c a4 00-06 64 30 82 06 60 30 82 .........d0..`0.
  56.  
  57. 0c90 - 5f b6 c7 86 5d 41 b3 fb-9c fe d3 0a 26 01 f9 d9 _...]A......&...
  58. 0ca0 - a6 ae 7f ff 4f c7 0b e8-97 b3 1c ....O......
  59. depth=2 C = GB, ST = England, L = Melbourne, O = Alice Ltd, OU = IT Services, CN = server-and-ca.test.com, emailAddress = root@server-and-ca.test.com
  60. verify return:1
  61. depth=1 C = GB, ST = England, O = Alice Ltd, OU = Shared Services, CN = server-and-interm-ca.test.com, emailAddress = root@server-and-interm-ca.test.com
  62. verify return:1
  63. depth=0 C = US, ST = California, L = Mountain View, O = Alice Ltd, OU = Alice Ltd Web Services, CN = app-ca-interm-ca.test.com, emailAddress = root@app-ca-interm-ca.test.com
  64. verify return:1
  65. SSL_connect:SSLv3 read server certificate A
  66. read from 0x2239a90 [0x2269e73] (5 bytes => 5 (0x5))
  67. 0000 - 16 03 01 01 4b ....K
  68. read from 0x2239a90 [0x2269e78] (331 bytes => 331 (0x14B))
  69. 0000 - 0c 00 01 47 03 00 17 41-04 13 5d 81 04 36 18 e7 ...G...A..]..6..
  70. 0010 - da bf 5e 30 dd d8 ee 77-f9 56 aa 77 8b 9e cd 3e ..^0...w.V.w...>.
  71. 0110 - d1 82 65 0f 5d 9c 03 ba-5f 7f 62 33 a8 a6 62 8e ..e.]..._.b3..b.
  72. 0120 - f2 5c 03 1d 4d 47 04 16-cb 80 09 39 32 be ca 23 ...MG.....92..#
  73. 0130 - 41 95 36 a6 4b 6b f0 6c-df a5 4b 26 d4 4a c5 f3 A.6.Kk.l..K&.J..
  74. 0140 - 99 0d c8 d8 aa 5d f8 88-86 b3 15 .....].....
  75. SSL_connect:SSLv3 read server key exchange A
  76. read from 0x2239a90 [0x2269e73] (5 bytes => 5 (0x5))
  77. 0000 - 16 03 01 00 bc .....
  78. read from 0x2239a90 [0x2269e78] (188 bytes => 188 (0xBC))
  79. 0000 - 0d 00 00 b4 03 01 02 40-00 ae 00 ac 30 81 a9 31 .......@....0..1
  80. 0010 - 0b 30 09 06 03 55 04 06-13 02 47 42 31 10 30 0e .0...U....GB1.0.
  81. 0090 - 06 09 2a 86 48 86 f7 0d-01 09 01 16 1b 72 6f 6f ..*.H........roo
  82. 00a0 - 74 40 63 6c 69 65 6e 74-2d 61 6e 64 2d 63 61 2e t@client-and-ca.
  83. 00b0 - 74 65 73 74 2e 63 6f 6d-0e test.com.
  84. 00bc - <SPACES/NULS>
  85. SSL_connect:SSLv3 read server certificate request A
  86. SSL_connect:SSLv3 read server done A
  87. write to 0x2239a90 [0x2273910] (1593 bytes => 1593 (0x639))
  88. 0000 - 16 03 01 06 34 0b 00 06-30 00 06 2d 00 06 2a 30 ....4...0..-..*0
  89. 0010 - 82 06 26 30 82 04 0e a0-03 02 01 02 02 02 10 00 ..&0............
  90. 05f0 - 29 2a 6c 40 d1 ed 8f 6d-15 b2 cd 6a 7b 72 30 91 )*l@...m...j{r0.
  91. 0600 - ea 29 16 48 f2 11 21 15-3a 50 32 8b 95 87 b8 09 .).H..!.:P2.....
  92. 0610 - 11 84 9a a4 d2 b8 46 33-7a a2 79 51 ba 23 8c 96 ......F3z.yQ.#..
  93. 0620 - 45 62 2e b9 f5 ea 23 79-53 e0 cb 72 1f e6 19 d4 Eb....#yS..r....
  94. 0630 - 75 18 a8 2e 44 2f f3 8b-a7 u...D/...
  95. SSL_connect:SSLv3 write client certificate A
  96. write to 0x2239a90 [0x2273910] (75 bytes => 75 (0x4B))
  97. 0000 - 16 03 01 00 46 10 00 00-42 41 04 b9 b3 02 d2 bc ....F...BA......
  98. 0010 - e2 8b 49 a7 f6 8c 59 66-fc 0e 39 79 c7 23 34 e9 ..I...Yf..9y.#4.
  99. 0020 - 3e 04 98 3a 60 78 1d aa-51 06 46 80 09 10 c4 7e >..:`x..Q.F....~
  100. 0030 - a5 e7 05 d1 82 f2 0d bb-9a ca e7 29 01 0b 88 6d ...........)...m
  101. 0040 - ed c3 52 73 b1 d4 3a 95-00 e8 ..Rs..:...
  102. 004b - <SPACES/NULS>
  103. SSL_connect:SSLv3 write client key exchange A
  104. write to 0x2239a90 [0x2273910] (267 bytes => 267 (0x10B))
  105. 0000 - 16 03 01 01 06 0f 00 01-02 01 00 5e 29 8e 7c 69 ...........^).|i
  106. 0010 - 1e 10 0d 01 39 35 db 18-7e 4a a7 12 ae 12 7e f0 ....95..~J....~.
  107. 0020 - d6 93 c5 0a ba 5d e4 f1-a4 ae 8f c4 7d 52 80 16 .....]......}R..
  108. 00f0 - 6f 1f 56 73 bc ab 7f 07-1d f7 b4 ec d7 58 57 cd o.Vs.........XW.
  109. 0100 - cd e0 37 b3 58 09 3a 75-93 02 ab ..7.X.:u...
  110. SSL_connect:SSLv3 write certificate verify A
  111. write to 0x2239a90 [0x2273910] (6 bytes => 6 (0x6))
  112. 0000 - 14 03 01 00 01 01 ......
  113. SSL_connect:SSLv3 write change cipher spec A
  114. write to 0x2239a90 [0x2273910] (53 bytes => 53 (0x35))
  115. 0000 - 16 03 01 00 30 24 90 78-08 d3 10 f3 f8 e3 c8 86 ....0$.x........
  116. 0010 - 82 f1 54 d1 38 7b 57 7b-83 a3 49 b9 3b 80 b2 86 ..T.8{W{..I.;...
  117. 0020 - 54 74 92 ec 9a a7 e7 28-1a ec 72 4c 64 8e f3 e3 Tt.....(..rLd...
  118. 0030 - 08 96 89 2a 03 ...*.
  119. SSL_connect:SSLv3 write finished A
  120. SSL_connect:SSLv3 flush data
  121. read from 0x2239a90 [0x2269e73] (5 bytes => 5 (0x5))
  122. 0000 - 16 03 01 06 ea .....
  123. read from 0x2239a90 [0x2269e78] (1770 bytes => 1770 (0x6EA))
  124. 0000 - 04 00 06 e6 00 00 01 2c-06 e0 09 8d 58 07 45 c9 .......,....X.E.
  125. 0010 - 58 49 42 f4 13 00 47 12-be 22 a2 e3 a0 b6 22 bd XIB...G.."....".
  126. 06d0 - a1 11 26 db 43 c8 6e 47-2f 40 65 61 e1 4e ef 0a ..&.C.nG/@ea.N..
  127. 06e0 - 57 e0 28 19 2d 0d c6 7f-ae 2e W.(.-.....
  128. SSL_connect:SSLv3 read server session ticket A
  129. read from 0x2239a90 [0x2269e73] (5 bytes => 5 (0x5))
  130. 0000 - 14 03 01 00 01 .....
  131. read from 0x2239a90 [0x2269e78] (1 bytes => 1 (0x1))
  132. 0000 - 01 .
  133. read from 0x2239a90 [0x2269e73] (5 bytes => 5 (0x5))
  134. 0000 - 16 03 01 00 30 ....0
  135. read from 0x2239a90 [0x2269e78] (48 bytes => 48 (0x30))
  136. 0000 - 7d 5f 53 a4 5e 85 67 67-8d 6c d6 6e 93 cd c6 75 }_S.^.gg.l.n...u
  137. 0010 - c1 83 17 d9 a8 e3 89 23-86 6b 8a 04 2d 46 7e 95 .......#.k..-F~.
  138. 0020 - 15 46 a4 ec 73 f3 3d 78-1b 0e 94 62 79 cf 96 3d .F..s.=x...by..=
  139. SSL_connect:SSLv3 read finished A
  140. ---
  141. Certificate chain
  142. 0 s:/C=US/ST=California/L=Mountain View/O=Alice Ltd/OU=Alice Ltd Web Services/CN=app-ca-interm-ca.test.com/emailAddress=root@app-ca-interm-ca.test.com
  143. i:/C=GB/ST=England/O=Alice Ltd/OU=Shared Services/CN=server-and-interm-ca.test.com/emailAddress=root@server-and-interm-ca.test.com
  144. 1 s:/C=GB/ST=England/O=Alice Ltd/OU=Shared Services/CN=server-and-interm-ca.test.com/emailAddress=root@server-and-interm-ca.test.com
  145. i:/C=GB/ST=England/L=Melbourne/O=Alice Ltd/OU=IT Services/CN=server-and-ca.test.com/emailAddress=root@server-and-ca.test.com
  146. ---
  147. Server certificate
  148. -----BEGIN CERTIFICATE-----
  149. MIIGYDCCBEigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgagxCzAJBgNVBAYTAkdC
  150. MRAwDgYDVQQIDAdFbmdsYW5kMRIwEAYDVQQKDAlBbGljZSBMdGQxGDAWBgNVBAsM
  151. zBcik+fj+MUtDzhEl6EuW1ILjAvt5u4KBxj6d0yAXzleACOYncYWWzMfQdrFmwKh
  152. W2opZQ==
  153. -----END CERTIFICATE-----
  154. subject=/C=US/ST=California/L=Mountain View/O=Alice Ltd/OU=Alice Ltd Web Services/CN=app-ca-interm-ca.test.com/emailAddress=root@app-ca-interm-ca.test.com
  155. issuer=/C=GB/ST=England/O=Alice Ltd/OU=Shared Services/CN=server-and-interm-ca.test.com/emailAddress=root@server-and-interm-ca.test.com
  156. ---
  157. Acceptable client certificate CA names
  158. /C=GB/ST=England/L=Sydney/O=Something/OU=Shared Services/CN=client-and-ca.test.com/emailAddress=root@client-and-ca.test.com
  159. Client Certificate Types: RSA sign, DSA sign, ECDSA sign
  160. Server Temp Key: ECDH, P-256, 256 bits
  161. ---
  162. SSL handshake has read 5682 bytes and written 2175 bytes
  163. ---
  164. New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
  165. Server public key is 2048 bit
  166. Secure Renegotiation IS supported
  167. Compression: NONE
  168. Expansion: NONE
  169. No ALPN negotiated
  170. SSL-Session:
  171. Protocol : TLSv1
  172. Cipher : ECDHE-RSA-AES256-SHA
  173. Session-ID: 2AF7BFD60D3EC4686EAAAE1971FBD8999E65C5C80A32182CB9A668B1411DB09C
  174. Session-ID-ctx:
  175. Master-Key: B3F714B4ACB61C6310311025B25AFBAFA9E9AAEBB5ACD5FEEAE5DCAE2690DECBFA4EC5CBD2C8A50F349F43026CD0C564
  176. Key-Arg : None
  177. Krb5 Principal: None
  178. PSK identity: None
  179. PSK identity hint: None
  180. TLS session ticket lifetime hint: 300 (seconds)
  181. TLS session ticket:
  182. 0000 - 09 8d 58 07 45 c9 58 49-42 f4 13 00 47 12 be 22 ..X.E.XIB...G.."
  183. 0010 - a2 e3 a0 b6 22 bd 0d 71-c9 46 bd ab 84 85 06 f7 ...."..q.F......
  184. 06b0 - 66 76 1f 3e 49 23 dc 2b-be 9e d5 03 b8 a5 a1 7d fv.>I#.+.......}
  185. 06c0 - 4d 56 79 3f 81 78 a1 11-26 db 43 c8 6e 47 2f 40 MVy?.x..&.C.nG/@
  186. 06d0 - 65 61 e1 4e ef 0a 57 e0-28 19 2d 0d c6 7f ae 2e ea.N..W.(.-.....
  187.  
  188. Start Time: 1506251677
  189. Timeout : 7200 (sec)
  190. Verify return code: 0 (ok)
  191. ---
  192. GET / HTTP/1.0
  193. write to 0x2239a90 [0x226e3c6] (90 bytes => 90 (0x5A))
  194. 0000 - 17 03 01 00 20 ca 44 95-8c a0 32 52 4d da d8 02 .... .D...2RM...
  195. 0010 - db bd 97 88 0e e3 cb b9-9e fb 50 7e 71 24 37 83 ..........P~q$7.
  196. 0020 - f8 48 03 a0 a1 17 03 01-00 30 db 99 b2 0c 6c e6 .H.......0....l.
  197. 0030 - f4 25 3d 54 2f b1 a3 3c-be 2a 36 94 6c ce 6d 8d .%=T/..<.*6.l.m.
  198. 0040 - 3d 54 82 d3 f0 2a 40 3d-fc 3f 1b 3e 4a 40 10 e5 =T...*@=.?.>J@..
  199. 0050 - 1d eb ab 00 69 f1 e0 4a-27 47 ....i..J'G
  200.  
  201. write to 0x2239a90 [0x226e3c6] (74 bytes => 74 (0x4A))
  202. 0000 - 17 03 01 00 20 95 06 3d-51 d5 7c c2 05 ef a7 d6 .... ..=Q.|.....
  203. 0010 - 2b 25 9c dd ec 5f 7c c0-15 83 c6 ca ea 47 a1 b2 +%..._|......G..
  204. 0020 - 82 2d 46 7d 64 17 03 01-00 20 3b 2e 36 63 10 b3 .-F}d.... ;.6c..
  205. 0030 - 50 c7 ec 36 a4 27 a0 4d-db bb 83 b5 c6 e8 d5 fa P..6.'.M........
  206. 0040 - ca 76 dc e7 63 8f 94 b3-24 3f .v..c...$?
  207. read from 0x2239a90 [0x2269e73] (5 bytes => 5 (0x5))
  208. 0000 - 17 03 01 01 a0 .....
  209. read from 0x2239a90 [0x2269e78] (416 bytes => 416 (0x1A0))
  210. 0000 - a6 8b c1 bb a4 aa 12 2e-81 d9 45 41 74 0e 33 a4 ..........EAt.3.
  211. 0190 - 37 be 58 ca 01 80 fc 7c-79 2b 3f 54 a4 cd 4a 07 7.X....|y+?T..J.
  212. HTTP/1.1 400 Bad Request
  213. Server: nginx/1.13.5
  214. Date: Sun, 24 Sep 2017 11:14:49 GMT
  215. Content-Type: text/html
  216. Content-Length: 231
  217. Connection: close
  218.  
  219. <html>
  220. <head><title>400 The SSL certificate error</title></head>
  221. <body bgcolor="white">
  222. <center><h1>400 Bad Request</h1></center>
  223. <center>The SSL certificate error</center>
  224. <hr><center>nginx/1.13.5</center>
  225. </body>
  226. </html>
  227. read from 0x2239a90 [0x2269e73] (5 bytes => 5 (0x5))
  228. 0000 - 15 03 01 ...
  229. 0005 - <SPACES/NULS>
  230. read from 0x2239a90 [0x2269e78] (32 bytes => 32 (0x20))
  231. 0000 - c3 75 ba 40 21 83 f7 0e-11 98 7b 44 84 bb 23 d5 .u.@!.....{D..#.
  232. 0010 - 80 32 1e 3e b6 b7 dd 4a-16 09 31 e9 62 a9 cd a3 .2.>...J..1.b...
  233. SSL3 alert read:warning:close notify
  234. closed
  235. write to 0x2239a90 [0x226e3c3] (37 bytes => 37 (0x25))
  236. 0000 - 15 03 01 00 20 bd 18 f2-df 1b 84 fc 8e e0 80 a1 .... ...........
  237. 0010 - 2f 6f 31 b4 4c fc 1c e5-36 1f c5 fb 5d c0 f8 dc /o1.L...6...]...
  238. 0020 - 19 6b 03 c3 2d .k..-
  239. SSL3 alert write:warning:close notify