z9721 |
02-22-2014 08:31 PM |
Apparently wget on Debian is compiled against GnuTLS, and wget on Ubuntu is compiled against OpenSSL.
diff -y ubuntu-ca-certificates.conf debian-ca-certificates.conf (the highlighted certificate is the one used for validation on the Ubuntu system)
Code:
Ubuntu 12.04.4: Debian 7.4:
cacert.org/cacert.org.crt cacert.org/cacert.org.crt
debconf.org/ca.crt debconf.org/ca.crt
mozilla/A-Trust-nQual-03.crt mozilla/A-Trust-nQual-03.crt
mozilla/ACEDICOM_Root.crt mozilla/ACEDICOM_Root.crt
mozilla/AC_Raíz_Certicámara_S.A..crt mozilla/AC_Raíz_Certicámara_S.A..crt
> mozilla/Actalis_Authentication_Root_CA.crt
mozilla/AddTrust_External_Root.crt mozilla/AddTrust_External_Root.crt
mozilla/AddTrust_Low-Value_Services_Root.crt mozilla/AddTrust_Low-Value_Services_Root.crt
mozilla/AddTrust_Public_Services_Root.crt mozilla/AddTrust_Public_Services_Root.crt
mozilla/AddTrust_Qualified_Certificates_Root.crt mozilla/AddTrust_Qualified_Certificates_Root.crt
mozilla/AffirmTrust_Commercial.crt mozilla/AffirmTrust_Commercial.crt
mozilla/AffirmTrust_Networking.crt mozilla/AffirmTrust_Networking.crt
mozilla/AffirmTrust_Premium.crt mozilla/AffirmTrust_Premium.crt
mozilla/AffirmTrust_Premium_ECC.crt mozilla/AffirmTrust_Premium_ECC.crt
mozilla/America_Online_Root_Certification_Authority_1 mozilla/America_Online_Root_Certification_Authority_1
mozilla/America_Online_Root_Certification_Authority_2 mozilla/America_Online_Root_Certification_Authority_2
mozilla/ApplicationCA_-_Japanese_Government.crt mozilla/ApplicationCA_-_Japanese_Government.crt
mozilla/Autoridad_de_Certificacion_Firmaprofesional_C mozilla/Autoridad_de_Certificacion_Firmaprofesional_C
mozilla/Baltimore_CyberTrust_Root.crt mozilla/Baltimore_CyberTrust_Root.crt
mozilla/Buypass_Class_2_CA_1.crt mozilla/Buypass_Class_2_CA_1.crt
> mozilla/Buypass_Class_2_Root_CA.crt
mozilla/Buypass_Class_3_CA_1.crt mozilla/Buypass_Class_3_CA_1.crt
> mozilla/Buypass_Class_3_Root_CA.crt
mozilla/CA_Disig.crt mozilla/CA_Disig.crt
mozilla/CNNIC_ROOT.crt mozilla/CNNIC_ROOT.crt
mozilla/COMODO_Certification_Authority.crt mozilla/COMODO_Certification_Authority.crt
mozilla/COMODO_ECC_Certification_Authority.crt mozilla/COMODO_ECC_Certification_Authority.crt
mozilla/Camerfirma_Chambers_of_Commerce_Root.crt mozilla/Camerfirma_Chambers_of_Commerce_Root.crt
mozilla/Camerfirma_Global_Chambersign_Root.crt mozilla/Camerfirma_Global_Chambersign_Root.crt
mozilla/Certigna.crt mozilla/Certigna.crt
mozilla/Certinomis_-_Autorité_Racine.crt mozilla/Certinomis_-_Autorité_Racine.crt
mozilla/Certplus_Class_2_Primary_CA.crt mozilla/Certplus_Class_2_Primary_CA.crt
mozilla/Certum_Root_CA.crt mozilla/Certum_Root_CA.crt
mozilla/Certum_Trusted_Network_CA.crt mozilla/Certum_Trusted_Network_CA.crt
mozilla/Chambers_of_Commerce_Root_-_2008.crt mozilla/Chambers_of_Commerce_Root_-_2008.crt
mozilla/ComSign_CA.crt mozilla/ComSign_CA.crt
mozilla/ComSign_Secured_CA.crt mozilla/ComSign_Secured_CA.crt
mozilla/Comodo_AAA_Services_root.crt mozilla/Comodo_AAA_Services_root.crt
mozilla/Comodo_Secure_Services_root.crt mozilla/Comodo_Secure_Services_root.crt
mozilla/Comodo_Trusted_Services_root.crt mozilla/Comodo_Trusted_Services_root.crt
mozilla/Cybertrust_Global_Root.crt mozilla/Cybertrust_Global_Root.crt
mozilla/DST_ACES_CA_X6.crt mozilla/DST_ACES_CA_X6.crt
mozilla/DST_Root_CA_X3.crt mozilla/DST_Root_CA_X3.crt
mozilla/Deutsche_Telekom_Root_CA_2.crt mozilla/Deutsche_Telekom_Root_CA_2.crt
mozilla/DigiCert_Assured_ID_Root_CA.crt mozilla/DigiCert_Assured_ID_Root_CA.crt
mozilla/DigiCert_Global_Root_CA.crt mozilla/DigiCert_Global_Root_CA.crt
mozilla/DigiCert_High_Assurance_EV_Root_CA.crt mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt
mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt
mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Sagla mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Sagla
mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.c mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.c
> mozilla/EC-ACC.crt
> mozilla/EE_Certification_Centre_Root_CA.crt
mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
mozilla/Entrust.net_Secure_Server_CA.crt mozilla/Entrust.net_Secure_Server_CA.crt
mozilla/Entrust_Root_Certification_Authority.crt mozilla/Entrust_Root_Certification_Authority.crt
mozilla/Equifax_Secure_CA.crt mozilla/Equifax_Secure_CA.crt
mozilla/Equifax_Secure_Global_eBusiness_CA.crt mozilla/Equifax_Secure_Global_eBusiness_CA.crt
mozilla/Equifax_Secure_eBusiness_CA_1.crt mozilla/Equifax_Secure_eBusiness_CA_1.crt
mozilla/Equifax_Secure_eBusiness_CA_2.crt mozilla/Equifax_Secure_eBusiness_CA_2.crt
mozilla/Firmaprofesional_Root_CA.crt mozilla/Firmaprofesional_Root_CA.crt
mozilla/GTE_CyberTrust_Global_Root.crt mozilla/GTE_CyberTrust_Global_Root.crt
mozilla/GeoTrust_Global_CA.crt mozilla/GeoTrust_Global_CA.crt
mozilla/GeoTrust_Global_CA_2.crt mozilla/GeoTrust_Global_CA_2.crt
mozilla/GeoTrust_Primary_Certification_Authority.crt mozilla/GeoTrust_Primary_Certification_Authority.crt
mozilla/GeoTrust_Primary_Certification_Authority_-_G2 mozilla/GeoTrust_Primary_Certification_Authority_-_G2
mozilla/GeoTrust_Primary_Certification_Authority_-_G3 mozilla/GeoTrust_Primary_Certification_Authority_-_G3
mozilla/GeoTrust_Universal_CA.crt mozilla/GeoTrust_Universal_CA.crt
mozilla/GeoTrust_Universal_CA_2.crt mozilla/GeoTrust_Universal_CA_2.crt
mozilla/GlobalSign_Root_CA.crt mozilla/GlobalSign_Root_CA.crt
mozilla/GlobalSign_Root_CA_-_R2.crt mozilla/GlobalSign_Root_CA_-_R2.crt
mozilla/GlobalSign_Root_CA_-_R3.crt mozilla/GlobalSign_Root_CA_-_R3.crt
mozilla/Global_Chambersign_Root_-_2008.crt mozilla/Global_Chambersign_Root_-_2008.crt
mozilla/Go_Daddy_Class_2_CA.crt mozilla/Go_Daddy_Class_2_CA.crt
mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt
> mozilla/Hellenic_Academic_and_Research_Institutions_R
mozilla/Hongkong_Post_Root_CA_1.crt mozilla/Hongkong_Post_Root_CA_1.crt
mozilla/IGC_A.crt mozilla/IGC_A.crt
mozilla/Izenpe.com.crt mozilla/Izenpe.com.crt
mozilla/Juur-SK.crt mozilla/Juur-SK.crt
mozilla/Microsec_e-Szigno_Root_CA.crt mozilla/Microsec_e-Szigno_Root_CA.crt
mozilla/Microsec_e-Szigno_Root_CA_2009.crt mozilla/Microsec_e-Szigno_Root_CA_2009.crt
mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
mozilla/NetLock_Business_=Class_B=_Root.crt mozilla/NetLock_Business_=Class_B=_Root.crt
mozilla/NetLock_Express_=Class_C=_Root.crt mozilla/NetLock_Express_=Class_C=_Root.crt
mozilla/NetLock_Notary_=Class_A=_Root.crt mozilla/NetLock_Notary_=Class_A=_Root.crt
mozilla/NetLock_Qualified_=Class_QA=_Root.crt mozilla/NetLock_Qualified_=Class_QA=_Root.crt
mozilla/Network_Solutions_Certificate_Authority.crt mozilla/Network_Solutions_Certificate_Authority.crt
mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt
mozilla/QuoVadis_Root_CA.crt mozilla/QuoVadis_Root_CA.crt
mozilla/QuoVadis_Root_CA_2.crt mozilla/QuoVadis_Root_CA_2.crt
mozilla/QuoVadis_Root_CA_3.crt mozilla/QuoVadis_Root_CA_3.crt
mozilla/RSA_Root_Certificate_1.crt mozilla/RSA_Root_Certificate_1.crt
mozilla/RSA_Security_2048_v3.crt mozilla/RSA_Security_2048_v3.crt
mozilla/Root_CA_Generalitat_Valenciana.crt mozilla/Root_CA_Generalitat_Valenciana.crt
mozilla/S-TRUST_Authentication_and_Encryption_Root_CA mozilla/S-TRUST_Authentication_and_Encryption_Root_CA
mozilla/SecureSign_RootCA11.crt mozilla/SecureSign_RootCA11.crt
mozilla/SecureTrust_CA.crt mozilla/SecureTrust_CA.crt
mozilla/Secure_Global_CA.crt mozilla/Secure_Global_CA.crt
mozilla/Security_Communication_EV_RootCA1.crt mozilla/Security_Communication_EV_RootCA1.crt
> mozilla/Security_Communication_RootCA2.crt
mozilla/Security_Communication_Root_CA.crt mozilla/Security_Communication_Root_CA.crt
mozilla/Sonera_Class_1_Root_CA.crt mozilla/Sonera_Class_1_Root_CA.crt
mozilla/Sonera_Class_2_Root_CA.crt mozilla/Sonera_Class_2_Root_CA.crt
mozilla/Staat_der_Nederlanden_Root_CA.crt mozilla/Staat_der_Nederlanden_Root_CA.crt
mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt
mozilla/Starfield_Class_2_CA.crt mozilla/Starfield_Class_2_CA.crt
mozilla/Starfield_Root_Certificate_Authority_-_G2.crt mozilla/Starfield_Root_Certificate_Authority_-_G2.crt
mozilla/Starfield_Services_Root_Certificate_Authority mozilla/Starfield_Services_Root_Certificate_Authority
mozilla/StartCom_Certification_Authority.crt mozilla/StartCom_Certification_Authority.crt
> mozilla/StartCom_Certification_Authority_G2.crt
mozilla/SwissSign_Gold_CA_-_G2.crt mozilla/SwissSign_Gold_CA_-_G2.crt
mozilla/SwissSign_Platinum_CA_-_G2.crt mozilla/SwissSign_Platinum_CA_-_G2.crt
mozilla/SwissSign_Silver_CA_-_G2.crt mozilla/SwissSign_Silver_CA_-_G2.crt
mozilla/Swisscom_Root_CA_1.crt mozilla/Swisscom_Root_CA_1.crt
> mozilla/T-TeleSec_GlobalRoot_Class_3.crt
mozilla/TC_TrustCenter_Class_2_CA_II.crt mozilla/TC_TrustCenter_Class_2_CA_II.crt
mozilla/TC_TrustCenter_Class_3_CA_II.crt mozilla/TC_TrustCenter_Class_3_CA_II.crt
mozilla/TC_TrustCenter_Universal_CA_I.crt mozilla/TC_TrustCenter_Universal_CA_I.crt
mozilla/TC_TrustCenter_Universal_CA_III.crt mozilla/TC_TrustCenter_Universal_CA_III.crt
mozilla/TC_TrustCenter__Germany__Class_2_CA.crt <
mozilla/TC_TrustCenter__Germany__Class_3_CA.crt <
mozilla/TDC_Internet_Root_CA.crt mozilla/TDC_Internet_Root_CA.crt
mozilla/TDC_OCES_Root_CA.crt mozilla/TDC_OCES_Root_CA.crt
mozilla/TURKTRUST_Certificate_Services_Provider_Root_ mozilla/TURKTRUST_Certificate_Services_Provider_Root_
mozilla/TURKTRUST_Certificate_Services_Provider_Root_ mozilla/TURKTRUST_Certificate_Services_Provider_Root_
mozilla/TWCA_Root_Certification_Authority.crt mozilla/TWCA_Root_Certification_Authority.crt
mozilla/Taiwan_GRCA.crt mozilla/Taiwan_GRCA.crt
mozilla/Thawte_Premium_Server_CA.crt mozilla/Thawte_Premium_Server_CA.crt
mozilla/Thawte_Server_CA.crt mozilla/Thawte_Server_CA.crt
> mozilla/Trustis_FPS_Root_CA.crt
mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcıs mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcıs
mozilla/UTN_DATACorp_SGC_Root_CA.crt mozilla/UTN_DATACorp_SGC_Root_CA.crt
mozilla/UTN_USERFirst_Email_Root_CA.crt mozilla/UTN_USERFirst_Email_Root_CA.crt
mozilla/UTN_USERFirst_Hardware_Root_CA.crt mozilla/UTN_USERFirst_Hardware_Root_CA.crt
mozilla/ValiCert_Class_1_VA.crt mozilla/ValiCert_Class_1_VA.crt
mozilla/ValiCert_Class_2_VA.crt mozilla/ValiCert_Class_2_VA.crt
mozilla/VeriSign_Class_3_Public_Primary_Certification mozilla/VeriSign_Class_3_Public_Primary_Certification
mozilla/VeriSign_Class_3_Public_Primary_Certification mozilla/VeriSign_Class_3_Public_Primary_Certification
mozilla/VeriSign_Universal_Root_Certification_Authori mozilla/VeriSign_Universal_Root_Certification_Authori
mozilla/Verisign_Class_1_Public_Primary_Certification mozilla/Verisign_Class_1_Public_Primary_Certification
mozilla/Verisign_Class_1_Public_Primary_Certification mozilla/Verisign_Class_1_Public_Primary_Certification
mozilla/Verisign_Class_1_Public_Primary_Certification mozilla/Verisign_Class_1_Public_Primary_Certification
mozilla/Verisign_Class_2_Public_Primary_Certification <
mozilla/Verisign_Class_2_Public_Primary_Certification mozilla/Verisign_Class_2_Public_Primary_Certification
mozilla/Verisign_Class_2_Public_Primary_Certification mozilla/Verisign_Class_2_Public_Primary_Certification
mozilla/Verisign_Class_3_Public_Primary_Certification mozilla/Verisign_Class_3_Public_Primary_Certification
mozilla/Verisign_Class_3_Public_Primary_Certification mozilla/Verisign_Class_3_Public_Primary_Certification
mozilla/Verisign_Class_3_Public_Primary_Certification mozilla/Verisign_Class_3_Public_Primary_Certification
mozilla/Verisign_Class_4_Public_Primary_Certification <
mozilla/Verisign_Class_4_Public_Primary_Certification mozilla/Verisign_Class_4_Public_Primary_Certification
mozilla/Visa_eCommerce_Root.crt mozilla/Visa_eCommerce_Root.crt
mozilla/WellsSecure_Public_Root_Certificate_Authority mozilla/WellsSecure_Public_Root_Certificate_Authority
mozilla/Wells_Fargo_Root_CA.crt mozilla/Wells_Fargo_Root_CA.crt
mozilla/XRamp_Global_CA_Root.crt mozilla/XRamp_Global_CA_Root.crt
mozilla/certSIGN_ROOT_CA.crt mozilla/certSIGN_ROOT_CA.crt
mozilla/ePKI_Root_Certification_Authority.crt mozilla/ePKI_Root_Certification_Authority.crt
mozilla/thawte_Primary_Root_CA.crt mozilla/thawte_Primary_Root_CA.crt
mozilla/thawte_Primary_Root_CA_-_G2.crt mozilla/thawte_Primary_Root_CA_-_G2.crt
mozilla/thawte_Primary_Root_CA_-_G3.crt mozilla/thawte_Primary_Root_CA_-_G3.crt
spi-inc.org/spi-ca-2003.crt spi-inc.org/spi-ca-2003.crt
spi-inc.org/spi-cacert-2008.crt spi-inc.org/spi-cacert-2008.crt
Ubuntu 12.04.4 LTS (no wget certificate errors):
ldd /usr/bin/wget | egrep "(ssl|crypto)"
Code:
libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f8770d9a000)
libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f87709bf000)
wget -v -d https://sso.emu.dk/unilogin
Code:
DEBUG output created by Wget 1.13.4 on linux-gnu.
URI encoding = `UTF-8'
--2014-02-23 01:35:02-- https://sso.emu.dk/unilogin
Resolving sso.emu.dk (sso.emu.dk)... 80.209.175.14
Caching sso.emu.dk => 80.209.175.14
Connecting to sso.emu.dk (sso.emu.dk)|80.209.175.14|:443... connected.
Created socket 3.
Releasing 0x000000000250e9e0 (new refcount 1).
Initiating SSL handshake.
Handshake successful; connected socket 3 to SSL handle 0x000000000250ec40
certificate:
subject: /OU=Domain Control Validated/CN=*.emu.dk
issuer: /C=NL/O=TERENA/CN=TERENA SSL CA
X509 certificate successfully verified and matches host sso.emu.dk
---request begin---
GET /unilogin HTTP/1.1
User-Agent: Wget/1.13.4 (linux-gnu)
Accept: */*
Host: sso.emu.dk
Connection: Keep-Alive
---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 200 OK
Date: Sun, 23 Feb 2014 00:35:03 GMT
Server: Apache/2.2.3 (Oracle)
Expires: Sun, 23 Feb 2014 00:35:03 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="OTI DSP COR CURa ADMa DEVa TAIa OTPi OUR SAMi STP IND PHY UNI COM NAV INT DEM"
P3P: policyref="/w3c/p3p.xml"
Expires: Sun, 23 Feb 2014 00:35:03 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 739
Connection: close
Content-Type: text/html; charset=utf-8
---response end---
200 OK
URI content encoding = `utf-8'
Length: 739 [text/html]
Saving to: `unilogin'
100%[=================================================================================>] 739 --.-K/s in 0s
Closed 3/SSL 0x000000000250ec40
2014-02-23 01:35:02 (194 MB/s) - `unilogin' saved [739/739]
true | openssl s_client -connect sso.emu.dk:443 -CApath /usr/share/ca-certificates/ (/usr/local/share/ca-certificates is empty)
Code:
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Hardware
verify return:1
depth=1 C = NL, O = TERENA, CN = TERENA SSL CA
verify return:1
depth=0 OU = Domain Control Validated, CN = *.emu.dk
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/CN=*.emu.dk
i:/C=NL/O=TERENA/CN=TERENA SSL CA
1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
2 s:/C=NL/O=TERENA/CN=TERENA SSL CA
i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
3 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEXjCCA0agAwIBAgIRANVXu1Q+DRWoxgVamrRqk8cwDQYJKoZIhvcNAQEFBQAw
NjELMAkGA1UEBhMCTkwxDzANBgNVBAoTBlRFUkVOQTEWMBQGA1UEAxMNVEVSRU5B
IFNTTCBDQTAeFw0xMzAzMDYwMDAwMDBaFw0xNjAzMjQyMzU5NTlaMDYxITAfBgNV
BAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDERMA8GA1UEAxQIKi5lbXUuZGsw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+96oPqRIhprpOUu+UoEFv
VmbLrAx2Oqi3iyDnYC8XCuA7ZQQR2lJ171NgBBSLkkOF1Y5V4mSPWJYWEq19J9wi
KZGbSv7Td94FYtz0S/UYQRb4gv9+dWH59G5aKa4GT4GOTDA8iJjUdX5e6mbR5mzF
gS3sUO25UfTUtcm6opKN6InJJuXCqhqi9uzb2rv/sjMNLXABRfxEjxCiYpgROwGr
GSWHoK9Bp3a+dxvpDSSeZo1GWiPT5UAnqMSHrbTru3eITzpKIgskOiM0puzGC7XI
BabkA57qM9EIfZjCmhRwndc6T7vKmGoQ+vHSpdRs3TpIuDeJOUh9JHtWhnpAxwpL
AgMBAAGjggFlMIIBYTAfBgNVHSMEGDAWgBQMvZNoDPPeq6NJays3V0fqkOO57TAd
BgNVHQ4EFgQUuFr0GbZ6FCS7ebIxmrq4A8F7OVswDgYDVR0PAQH/BAQDAgWgMAwG
A1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCIGA1Ud
IAQbMBkwDQYLKwYBBAGyMQECAh0wCAYGZ4EMAQIBMDoGA1UdHwQzMDEwL6AtoCuG
KWh0dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVSRU5BU1NMQ0EuY3JsMG0GCCsG
AQUFBwEBBGEwXzA1BggrBgEFBQcwAoYpaHR0cDovL2NydC50Y3MudGVyZW5hLm9y
Zy9URVJFTkFTU0xDQS5jcnQwJgYIKwYBBQUHMAGGGmh0dHA6Ly9vY3NwLnRjcy50
ZXJlbmEub3JnMBMGA1UdEQQMMAqCCCouZW11LmRrMA0GCSqGSIb3DQEBBQUAA4IB
AQAOluU70IrVo3fxueir8NlEPmtjHN1Irs+JD8LFg9pMg3qC26TUVEIZGgJHjuI0
pmfPsvFRMH4LW8DZqu+y9egnMIWEWtHRC/SDz25AOolexhd2u0CUtpmDKZZ1s5bs
bdW2zwpcbDshtdjRHkR0isYRsjVgn5bjdQEj7aUlWs92ybshvehB1sMbzkZH+6ME
g8LJAo93nk3aWmhT+p3yU9k8OjrcOU8ALjr1ug3SvMYrnq0Q8FIctwzNpivVdz3v
PMta/bxYcPv+6p+I9txBR0WTasnj/slhC3iXeOself7S3vN49AFaJeThPWbMB/Lq
cme4hl6EPt1VXhuopi6JGSnm
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/CN=*.emu.dk
issuer=/C=NL/O=TERENA/CN=TERENA SSL CA
---
No client certificate CA names sent
---
SSL handshake has read 4628 bytes and written 539 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-SHA
Session-ID: B9A17DF30000000000000000000000020000897753095A0A00000000514A9814
Session-ID-ctx:
Master-Key: 87134BE92D5D9D2FACEB47990459D15337383666E4C2885C0977D1A386CA31CB585E62C35C0EAA5912D9CC6EEEDC1C7A
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1393121801
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
DONE
Debian 7.4 (wget certificate errors):
ldd /usr/bin/wget | egrep "(tls|crypt)"
Code:
libgnutls.so.26 => /usr/lib/x86_64-linux-gnu/libgnutls.so.26 (0x00007f06767f3000)
libgcrypt.so.11 => /lib/x86_64-linux-gnu/libgcrypt.so.11 (0x00007f0676575000)
wget -v -d https://sso.emu.dk/unilogin
Code:
DEBUG output created by Wget 1.13.4 on linux-gnu.
URI encoding = `UTF-8'
--2014-02-23 00:41:39-- https://sso.emu.dk/unilogin
Resolving sso.emu.dk (sso.emu.dk)... 80.209.175.14
Caching sso.emu.dk => 80.209.175.14
Connecting to sso.emu.dk (sso.emu.dk)|80.209.175.14|:443... connected.
Created socket 4.
Releasing 0x0000000001b52560 (new refcount 1).
ERROR: The certificate of `sso.emu.dk' is not trusted.
ERROR: The certificate of `sso.emu.dk' hasn't got a known issuer.
true | openssl s_client -connect sso.emu.dk:443 -CApath /usr/share/ca-certificates/ (/usr/local/share/ca-certificates is empty)
Code:
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Hardware
verify return:1
depth=1 C = NL, O = TERENA, CN = TERENA SSL CA
verify return:1
depth=0 OU = Domain Control Validated, CN = *.emu.dk
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/CN=*.emu.dk
i:/C=NL/O=TERENA/CN=TERENA SSL CA
1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
2 s:/C=NL/O=TERENA/CN=TERENA SSL CA
i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
3 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEXjCCA0agAwIBAgIRANVXu1Q+DRWoxgVamrRqk8cwDQYJKoZIhvcNAQEFBQAw
NjELMAkGA1UEBhMCTkwxDzANBgNVBAoTBlRFUkVOQTEWMBQGA1UEAxMNVEVSRU5B
IFNTTCBDQTAeFw0xMzAzMDYwMDAwMDBaFw0xNjAzMjQyMzU5NTlaMDYxITAfBgNV
BAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDERMA8GA1UEAxQIKi5lbXUuZGsw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+96oPqRIhprpOUu+UoEFv
VmbLrAx2Oqi3iyDnYC8XCuA7ZQQR2lJ171NgBBSLkkOF1Y5V4mSPWJYWEq19J9wi
KZGbSv7Td94FYtz0S/UYQRb4gv9+dWH59G5aKa4GT4GOTDA8iJjUdX5e6mbR5mzF
gS3sUO25UfTUtcm6opKN6InJJuXCqhqi9uzb2rv/sjMNLXABRfxEjxCiYpgROwGr
GSWHoK9Bp3a+dxvpDSSeZo1GWiPT5UAnqMSHrbTru3eITzpKIgskOiM0puzGC7XI
BabkA57qM9EIfZjCmhRwndc6T7vKmGoQ+vHSpdRs3TpIuDeJOUh9JHtWhnpAxwpL
AgMBAAGjggFlMIIBYTAfBgNVHSMEGDAWgBQMvZNoDPPeq6NJays3V0fqkOO57TAd
BgNVHQ4EFgQUuFr0GbZ6FCS7ebIxmrq4A8F7OVswDgYDVR0PAQH/BAQDAgWgMAwG
A1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCIGA1Ud
IAQbMBkwDQYLKwYBBAGyMQECAh0wCAYGZ4EMAQIBMDoGA1UdHwQzMDEwL6AtoCuG
KWh0dHA6Ly9jcmwudGNzLnRlcmVuYS5vcmcvVEVSRU5BU1NMQ0EuY3JsMG0GCCsG
AQUFBwEBBGEwXzA1BggrBgEFBQcwAoYpaHR0cDovL2NydC50Y3MudGVyZW5hLm9y
Zy9URVJFTkFTU0xDQS5jcnQwJgYIKwYBBQUHMAGGGmh0dHA6Ly9vY3NwLnRjcy50
ZXJlbmEub3JnMBMGA1UdEQQMMAqCCCouZW11LmRrMA0GCSqGSIb3DQEBBQUAA4IB
AQAOluU70IrVo3fxueir8NlEPmtjHN1Irs+JD8LFg9pMg3qC26TUVEIZGgJHjuI0
pmfPsvFRMH4LW8DZqu+y9egnMIWEWtHRC/SDz25AOolexhd2u0CUtpmDKZZ1s5bs
bdW2zwpcbDshtdjRHkR0isYRsjVgn5bjdQEj7aUlWs92ybshvehB1sMbzkZH+6ME
g8LJAo93nk3aWmhT+p3yU9k8OjrcOU8ALjr1ug3SvMYrnq0Q8FIctwzNpivVdz3v
PMta/bxYcPv+6p+I9txBR0WTasnj/slhC3iXeOself7S3vN49AFaJeThPWbMB/Lq
cme4hl6EPt1VXhuopi6JGSnm
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/CN=*.emu.dk
issuer=/C=NL/O=TERENA/CN=TERENA SSL CA
---
No client certificate CA names sent
---
SSL handshake has read 4628 bytes and written 634 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-SHA
Session-ID: B9A17DF30000000000000000000000020001809653095C1500000000514C982F
Session-ID-ctx:
Master-Key: 90734986F26626EE29D06D76304CC4401615B55D4AA4755700FCE3CA16292B9D1BA2F30F5FAA0A1C006311D153F693E3
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1393122324
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
DONE
|