Bruce Schneier: Everything should be believed insecure until demonstrated otherwise.
George V. Neville-Neil: I often think that programmers shouldn’t just be given offices instead of cubicles, but padded cells. Think of how much the company would save on medical bills if everyone had a cushioned wall to bang their heads against, instead of those cheap, pressboard desks that crack so easily.
Qualys SSL Report: SSL Report: blogs.rsa.com (198.90.20.87) Assessed on: Fri, 19 Jun 2015 Overall Rating: T This server's certificate is not trusted, see below for details. Authentication Server Key and Certificate #1 Common names: Parallels Panel MISMATCH Trusted: No NOT TRUSTED
Certification Paths Path #1: Not trusted (path does not chain to a trusted anchor) Sent by server Not in trust store Parallels Panel Self-signed Fingerprint: 9d09c4edb82e52afae79a8b22f9540efafbdb716 RSA 2048 bits (e 65537) / SHA1withRSA Weak or insecure signature, but no impact on root certificate
A certificate is invalid if: It is used before its activation date It is used after its expiry date Certificate hostnames don't match the site hostname It has been revoked
curl: $ curl -vvv "https://blogs.rsa.com" * About to connect() to blogs.rsa.com port 443 (#0) * Trying 198.90.20.87... * connected * Connected to blogs.rsa.com (198.90.20.87) port 443 (#0) * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS alert, Server hello (2): * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Closing connection #0
wget: $ wget -vd "https://blogs.rsa.com" Resolving blogs.rsa.com... 198.90.20.87 Caching blogs.rsa.com => 198.90.20.87 Connecting to blogs.rsa.com|198.90.20.87|:443... connected. Created socket 3. Releasing 0x0000000001e61fd0 (new refcount 1). Initiating SSL handshake. Handshake successful; connected socket 3 to SSL handle 0x0000000001e631d0 certificate: subject: /C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=info@parallels.com issuer: /C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=info@parallels.com ERROR: cannot verify blogs.rsa.com’s certificate, issued by “/C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=info@parallels.com”: Self-signed certificate encountered. ERROR: certificate common name “Parallels Panel” doesn't match requested host name “blogs.rsa.com”. To connect to blogs.rsa.com insecurely, use ‘--no-check-certificate’. Closed 3/SSL 0x0000000001e631d0
|