SSL Certificate is not showing

Help
1

Hi,

On my ubuntu 18.04 I install the nginx and I get the ssl certificate. It worked only 24 hours. Now I am getting bellow error on MacOS 10.13.6 with Safari browser as well as Android phone browser as follows.

Details:

Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic

nginx version: nginx/1.15.5

echo | openssl s_client -connect cep.capitalbank.com.tr:443 2>/dev/null | openssl x509 -noout -dates
result:
notBefore=Oct 10 06:50:26 2018 GMT
notAfter=Jan 8 06:50:26 2019 GMT

https://cep.capitalbank.com.tr/

certificate issuer is not recognized.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

Certificate Chain:

-----BEGIN CERTIFICATE-----
MIIDlzCCAn+gAwIBAgISAxmdxmiOP/Oq8Oyx7KPDWTHXMA0GCSqGSIb3DQEBCwUA
MIGlMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJ
U3Vubnl2YWxlMREwDwYDVQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNh
dGUgQXV0aG9yaXR5MRUwEwYDVQQDEwxGb3J0aUdhdGUgQ0ExIzAhBgkqhkiG9w0B
CQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE4MTAxMDA2NTAyNloXDTE5MDEw
ODA2NTAyNlowITEfMB0GA1UEAxMWY2VwLmNhcGl0YWxiYW5rLmNvbS50cjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPM9C+ejVeujnckmUJpqsVDUF/hU
hmAPqJbq993s9XRGby7TmjbUxSlAouuNnARz8FIjKvqgBrl+QcJWNBG9tVSpmGww
8ZFbzevOgf+Yhf+qEUbKzu6+kQr4o8JYPz++sSwBSavWS539YF4n8brzJ7M6667P
V1DjOsItnR6EkkBCLHMFzRXCx4bWtRxXgK/9EF5BYSV6brfzIbrmlIYVKBn2DtKa
eNvpp87HvB3Z8cwd9U5k4v3TPA/DWiyDtkMhVx1Uj9FwvnIyZ9L3coOQoOXZK7io
eaPBI67Xd/yjQzJYAB26mzGrkv6uMf5IXHxbHa+4KR/46sE2IXQqv3W8RBUCAwEA
AaNEMEIwIQYDVR0RBBowGIIWY2VwLmNhcGl0YWxiYW5rLmNvbS50cjAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAFLZqx+l
K+CJJ3Y+ydeo6d6GEDa86dmiaJ5Zs+JBTne/BdqQi9tuefYy21BRiCZDDR/heDGG
9YCLdtARWknXOWUMqaUkumTc4TloApO/5uu1HVIwWPrlGmuEsqGrTmBeWqIWd1/P
KKo6TWUMHC6TrLxO1dMo3pACIWb7m2YCzaBdseXkuNM+ZQw1X/xD+DtwZZgLk9N9
BdnWa64NQjRCebboheE8yfsbWbPkJ70O0X7lII2k46bhDKzD+cnefhG/bmyIvxLz
QrHNlioWDrKUdiKI2Q5I3+FDEhB76Y4zebM6K17tu1PGHjlNwOfiyotBZUgb1sCs
M6V6FP73uYatJNw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIID1zCCAr+gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBpTELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UE
ChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMG
A1UEAxMMRm9ydGlHYXRlIENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRp
bmV0LmNvbTAeFw0wODEwMTgwMDQ2MzlaFw0yODEwMTMwMDQ2MzlaMIGlMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxl
MREwDwYDVQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9y
aXR5MRUwEwYDVQQDEwxGb3J0aUdhdGUgQ0ExIzAhBgkqhkiG9w0BCQEWFHN1cHBv
cnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
tveDq5vViSsRgHROaylt0qMdteLi1D/L0AWct+j5Y+N+HskBqsK5eGHrgytW6Jr3
dtQ/53/usTI+8HHpPXj8gWune6ivjQcOAmGsB/gfwLPCa98+kLgo9wpu0NxLVbyU
i5F9OjFtMpEGsYlnu6jtrsIR8EonAnaUtYKCqPLNSVc/U97ZX9m7zyjLYEGENt2M
elnAeTDNy2VHdxvjCkHBZYuI8lygtQsFvAGdvHsoIGEKgnLHbycLCWUk1j9mTkYB
0QFKWdy45jsvrUEnaEuWBlIKNZEgy8uI1wW/Rtv1HHbofuWr/2gTIaggPjIWshak
sPA5wXth1N5pBMrPOxNoHwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
DQEBBQUAA4IBAQBrAfI+ULwg3M+k4s3FB6//6sPG5TcrvPdrQ8gArEeYJJCzHnVY
tknIPPx1K5V+QueAXRpLiuWphFP5w9OxWuDqHw8zwb24wJc7BD4CeFKUyYinbpDi
Yg035SKYl4TSGMOTiYRoTxqgkfzcmTFfpfD1pOJQ08Kh+1yle35WqG9Ab1jrO0Y/
vltGReZckwh9e95SPzNA43xGZPSIgxZ8007EUqYBekoSKGAQPqTalHBkzpB1Us3F
5yCZzxA4WYT9UGVwPhIVgMlZvm5NL29/5dFgts51U+P4OZ0Or+xQfWYIxTzCWtAC
1ikZ/6HeIvet27H4CPP1rolBTXw4z6olP32T
-----END CERTIFICATE-----

2

Hi,

The site's certificate is now not a let's encrypt certificate, but a fortinet one (which is not trusted by browsers and OSs)

Do you have any service with Fortinet?

Thank you

3

I am accessing from home using fortunes client. But this also happened on my Android phone. And yes my machine is front of the Fortinet and I configured to allow 443

4

When I try it in ubuntu Mozilla browser is look like its working and showing the green ssl icon front of my domain name

5

Hi,

However, when I was connecting to your server, it’s just the fortinet certificate.

Is it possible that the firewall intercepts the https request?

Thank you

6

I configure yesterday and all day today I work with my application which is counting to my ubuntu machine. Wasn’t any problem

7

I test it now on Asus laptop using win10 edge browser and I am getting DLG_FLAGS_INVALID_CA error. I can only call admin on Monday

8

I call admin guy and there look now

9

Ok its working now. They re-configure ssl inspection and remove the inspection for my domain now. we need to re-configure the firewall on Monday and get the ssl inspection on again for my domain. Do you know how to configure Fortinet with SSL inspection on for Letsencrypt certificate?

11

No, I don’t know how to design Fortinet with SSL review on for Letsencrypt endorsement

12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.