SSL Certificate is not showing


#1

Hi,

On my ubuntu 18.04 I install the nginx and I get the ssl certificate. It worked only 24 hours. Now I am getting bellow error on MacOS 10.13.6 with Safari browser as well as Android phone browser as follows.

Details:

Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic

nginx version: nginx/1.15.5

echo | openssl s_client -connect cep.capitalbank.com.tr:443 2>/dev/null | openssl x509 -noout -dates
result:
notBefore=Oct 10 06:50:26 2018 GMT
notAfter=Jan 8 06:50:26 2019 GMT

https://cep.capitalbank.com.tr/

certificate issuer is not recognized.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

Certificate Chain:

-----BEGIN CERTIFICATE-----
MIIDlzCCAn+gAwIBAgISAxmdxmiOP/Oq8Oyx7KPDWTHXMA0GCSqGSIb3DQEBCwUA
MIGlMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJ
U3Vubnl2YWxlMREwDwYDVQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNh
dGUgQXV0aG9yaXR5MRUwEwYDVQQDEwxGb3J0aUdhdGUgQ0ExIzAhBgkqhkiG9w0B
CQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE4MTAxMDA2NTAyNloXDTE5MDEw
ODA2NTAyNlowITEfMB0GA1UEAxMWY2VwLmNhcGl0YWxiYW5rLmNvbS50cjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPM9C+ejVeujnckmUJpqsVDUF/hU
hmAPqJbq993s9XRGby7TmjbUxSlAouuNnARz8FIjKvqgBrl+QcJWNBG9tVSpmGww
8ZFbzevOgf+Yhf+qEUbKzu6+kQr4o8JYPz++sSwBSavWS539YF4n8brzJ7M6667P
V1DjOsItnR6EkkBCLHMFzRXCx4bWtRxXgK/9EF5BYSV6brfzIbrmlIYVKBn2DtKa
eNvpp87HvB3Z8cwd9U5k4v3TPA/DWiyDtkMhVx1Uj9FwvnIyZ9L3coOQoOXZK7io
eaPBI67Xd/yjQzJYAB26mzGrkv6uMf5IXHxbHa+4KR/46sE2IXQqv3W8RBUCAwEA
AaNEMEIwIQYDVR0RBBowGIIWY2VwLmNhcGl0YWxiYW5rLmNvbS50cjAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAFLZqx+l
K+CJJ3Y+ydeo6d6GEDa86dmiaJ5Zs+JBTne/BdqQi9tuefYy21BRiCZDDR/heDGG
9YCLdtARWknXOWUMqaUkumTc4TloApO/5uu1HVIwWPrlGmuEsqGrTmBeWqIWd1/P
KKo6TWUMHC6TrLxO1dMo3pACIWb7m2YCzaBdseXkuNM+ZQw1X/xD+DtwZZgLk9N9
BdnWa64NQjRCebboheE8yfsbWbPkJ70O0X7lII2k46bhDKzD+cnefhG/bmyIvxLz
QrHNlioWDrKUdiKI2Q5I3+FDEhB76Y4zebM6K17tu1PGHjlNwOfiyotBZUgb1sCs
M6V6FP73uYatJNw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIID1zCCAr+gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBpTELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UE
ChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMG
A1UEAxMMRm9ydGlHYXRlIENBMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRp
bmV0LmNvbTAeFw0wODEwMTgwMDQ2MzlaFw0yODEwMTMwMDQ2MzlaMIGlMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxl
MREwDwYDVQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9y
aXR5MRUwEwYDVQQDEwxGb3J0aUdhdGUgQ0ExIzAhBgkqhkiG9w0BCQEWFHN1cHBv
cnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
tveDq5vViSsRgHROaylt0qMdteLi1D/L0AWct+j5Y+N+HskBqsK5eGHrgytW6Jr3
dtQ/53/usTI+8HHpPXj8gWune6ivjQcOAmGsB/gfwLPCa98+kLgo9wpu0NxLVbyU
i5F9OjFtMpEGsYlnu6jtrsIR8EonAnaUtYKCqPLNSVc/U97ZX9m7zyjLYEGENt2M
elnAeTDNy2VHdxvjCkHBZYuI8lygtQsFvAGdvHsoIGEKgnLHbycLCWUk1j9mTkYB
0QFKWdy45jsvrUEnaEuWBlIKNZEgy8uI1wW/Rtv1HHbofuWr/2gTIaggPjIWshak
sPA5wXth1N5pBMrPOxNoHwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
DQEBBQUAA4IBAQBrAfI+ULwg3M+k4s3FB6//6sPG5TcrvPdrQ8gArEeYJJCzHnVY
tknIPPx1K5V+QueAXRpLiuWphFP5w9OxWuDqHw8zwb24wJc7BD4CeFKUyYinbpDi
Yg035SKYl4TSGMOTiYRoTxqgkfzcmTFfpfD1pOJQ08Kh+1yle35WqG9Ab1jrO0Y/
vltGReZckwh9e95SPzNA43xGZPSIgxZ8007EUqYBekoSKGAQPqTalHBkzpB1Us3F
5yCZzxA4WYT9UGVwPhIVgMlZvm5NL29/5dFgts51U+P4OZ0Or+xQfWYIxTzCWtAC
1ikZ/6HeIvet27H4CPP1rolBTXw4z6olP32T
-----END CERTIFICATE-----


#2

Hi,

The site’s certificate is now not a let’s encrypt certificate, but a fortinet one (which is not trusted by browsers and OSs)

Do you have any service with Fortinet?

Thank you


#3

I am accessing from home using fortunes client. But this also happened on my Android phone. And yes my machine is front of the Fortinet and I configured to allow 443


#4

When I try it in ubuntu Mozilla browser is look like its working and showing the green ssl icon front of my domain name


#5

Hi,

However, when I was connecting to your server, it’s just the fortinet certificate.

Is it possible that the firewall intercepts the https request?

Thank you


#6

I configure yesterday and all day today I work with my application which is counting to my ubuntu machine. Wasn’t any problem


#7

I test it now on Asus laptop using win10 edge browser and I am getting DLG_FLAGS_INVALID_CA error. I can only call admin on Monday


#8

I call admin guy and there look now


#9

Ok its working now. They re-configure ssl inspection and remove the inspection for my domain now. we need to re-configure the firewall on Monday and get the ssl inspection on again for my domain. Do you know how to configure Fortinet with SSL inspection on for Letsencrypt certificate?


#11

No, I don’t know how to design Fortinet with SSL review on for Letsencrypt endorsement


#12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.