lucas@www:~/web/pma$ curl -vvI https://files.phpmyadmin.net/phpMyAdmin/5.2.0 … ish.tar.gz
* Hostname was NOT found in DNS cache
* Trying 89.187.187.20...
* Connected to files.phpmyadmin.net (89.187.187.20) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: certificate has expired
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
curl: (60) SSL certificate problem: certificate has expired
More details here: http://curl.haxx.se/docs/sslcerts.html
lucas@www:~$ openssl s_client -connect files.phpmyadmin.net:443 -servername file s.phpmyadmin.net </dev/null 2>/dev/null | grep -A6 chain
Certificate chain
0 s:/CN=1560827080.rsc.cdn77.org
i:/C=US/O=Let's Encrypt/CN=R3
1 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
lucas@www:~$ openssl x509 -text -noout </etc/ssl/certs/DST_Root_CA_X3.pem | grep CN
Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
lucas@www:~$ host files.phpmyadmin.net files.phpmyadmin.net is an alias for 1560827080.rsc.cdn77.org.
1560827080.rsc.cdn77.org has address 89.187.187.19
1560827080.rsc.cdn77.org has address 89.187.187.12
1560827080.rsc.cdn77.org has address 89.187.187.14
1560827080.rsc.cdn77.org has IPv6 address 2a02:6ea0:c800::7
1560827080.rsc.cdn77.org has IPv6 address 2a02:6ea0:c800::8
1560827080.rsc.cdn77.org has IPv6 address 2a02:6ea0:c800::6
lucas@www:~$ curl -vvI https://185.76.9.15/phpMyAdmin/5.2.0/phpMyAdm … ish.tar.gz
* Hostname was NOT found in DNS cache
* Trying 185.76.9.15...
* Connected to 185.76.9.15 (185.76.9.15) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: certificate has expired
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
curl: (60) SSL certificate problem: certificate has expired
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
lucas@www:~$ curl -vvI https://185.76.9.21/phpMyAdmin/5.2.0/phpMyAdm … ish.tar.gz
* Hostname was NOT found in DNS cache
* Trying 185.76.9.21...
* Connected to 185.76.9.21 (185.76.9.21) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: certificate has expired
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
curl: (60) SSL certificate problem: certificate has expired
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
lucas@www:~$