frenchie
16/01/2015, 21h37
[root@ns50xxxx ssl]# ls -l total 0 lrwxrwxrwx 1 root root 16 Oct 28 14:03 certs -> ../pki/tls/certs
[root@ns50xxxx certs]# ls -l total 1780 -rw-r--r-- 1 root root 786601 Jul 14 2014 ca-bundle.crt -rw-r--r-- 1 root root 1005005 Jul 14 2014 ca-bundle.trust.crt -rw------- 1 root root 1464 Nov 15 01:53 localhost.crt -rwxr-xr-x 1 root root 610 Nov 6 07:36 make-dummy-cert -rw-r--r-- 1 root root 2242 Nov 6 07:36 Makefile -rwxr-xr-x 1 root root 829 Nov 6 07:36 renew-dummy-cert
curl -I -v https://google.com
.....
* Initializing NSS with certpath: sql:/etc/pki/nssdb ( ???? )
.....
curl: (77) Problem with the SSL CA cert (path? access rights?)
......
curl --capath /etc/ssl/certs -I -v -o out https://www.google.com
* About to connect() to www.google.fr port 443 (#0) * Trying 2a00:1450:4007:80b::2003... * connected * Connected to www.google.fr (2a00:1450:4007:80b::2003) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using ECDHE-RSA-AES128-GCM-SHA256 * Server certificate: * subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=*.google.fr * start date: 2014-12-10 11:50:36 GMT * expire date: 2015-03-10 00:00:00 GMT * subjectAltName: www.google.fr matched * issuer: C=US; O=Google Inc; CN=Google Internet Authority G2 * SSL certificate verify ok. > HEAD / HTTP/1.1 > User-Agent: curl/7.26.0 > Host: www.google.fr > Accept: */* > * additional stuff not fine transfer.c:1037: 0 0 * HTTP 1.1 or later with persistent connection, pipelining supported < HTTP/1.1 200 OK HTTP/1.1 200 OK < Date: Fri, 16 Jan 2015 18:55:13 GMT Date: Fri, 16 Jan 2015 18:55:13 GMT < Expires: -1 Expires: -1 < Cache-Control: private, max-age=0 Cache-Control: private, max-age=0 < Content-Type: text/html; charset=ISO-8859-1 Content-Type: text/html; charset=ISO-8859-1 < Set-Cookie: PREF=ID=b6186f6d0289c797:FF=0:TM=1421434513:LM=1421434513:S=062epuXcdHwhMUp_; expires=Sun, 15-Jan-2017 18:55:13 GMT; path=/; domain=.google.fr Set-Cookie: PREF=ID=b6186f6d0289c797:FF=0:TM=1421434513:LM=1421434513:S=062epuXcdHwhMUp_; expires=Sun, 15-Jan-2017 18:55:13 GMT; path=/; domain=.google.fr < Set-Cookie: NID=67=Hej1U9VK-yfKE1EaxGUDxH1eepjJU-N7MQgUmFP7I49-2A9Ux93YY2eoF0NT0XwbXoiDZQdxFckjtsompt4OzDF_X6frVlvcIZOKQAncOyWR6Lhs60SPvZxYcJBUGscE; expires=Sat, 18-Jul-2015 18:55:13 GMT; path=/; domain=.google.fr; HttpOnly Set-Cookie: NID=67=Hej1U9VK-yfKE1EaxGUDxH1eepjJU-N7MQgUmFP7I49-2A9Ux93YY2eoF0NT0XwbXoiDZQdxFckjtsompt4OzDF_X6frVlvcIZOKQAncOyWR6Lhs60SPvZxYcJBUGscE; expires=Sat, 18-Jul-2015 18:55:13 GMT; path=/; domain=.google.fr; HttpOnly < P3P: CP="This is not a P3P policy! See http://www.google.com/support/accoun...&answer=151657 for more info." P3P: CP="This is not a P3P policy! See http://www.google.com/support/accoun...&answer=151657 for more info." < Server: gws Server: gws < X-XSS-Protection: 1; mode=block X-XSS-Protection: 1; mode=block < X-Frame-Options: SAMEORIGIN X-Frame-Options: SAMEORIGIN < Alternate-Protocol: 443:quic,p=0.02 Alternate-Protocol: 443:quic,p=0.02 < Transfer-Encoding: chunked Transfer-Encoding: chunked < Accept-Ranges: none Accept-Ranges: none < Vary: Accept-Encoding Vary: Accept-Encoding < * Connection #0 to host www.google.fr left intact * Closing connection #0 * SSLv3, TLS alert, Client hello (1):
[root@ns50xxxx ~]# curl -I -v https://google.com * About to connect() to google.com port 443 (#0) * Trying 2607:f8b0:4006:807::1005... connected * Connected to google.com (2607:f8b0:4006:807::1005) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * Unable to initialize NSS database * Initializing NSS with certpath: none * Unable to initialize NSS * NSS error -8023 * Closing connection #0 * Problem with the SSL CA cert (path? access rights?) curl: (77) Problem with the SSL CA cert (path? access rights?) [root@ns50xxxx ~]# Write failed: Broken pipe
[root@ns50xxxx ~]# curl-config --configure -bash: curl-config: command not found
curl-config --configure
'--build' 'x86_64-linux-gnu' '--prefix=/usr' '--mandir=/usr/share/man' '--libdir=/usr/lib/x86_64-linux-gnu' '--disable-dependency-tracking' '--enable-ipv6' '--with-lber-lib=lber' '--disable-symbol-hiding' '--enable-versioned-symbols' '--enable-manual' '--enable-debug' '--disable-curldebug' 'CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed' '--with-gssapi=/usr' '--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt' '--without-ssl' '--with-gnutls' 'build_alias=x86_64-linux-gnu'
locate ca-certificates.crt
apachectl restart
service httpd restart
[root@ns50xxxx ~]# curl-config --configure -bash: curl-config: command not found
curl-config --configure
[root@ns50xxxx ~]# ls -alh /etc/pki/tls/certs/ca-bundle.crt -rw-r--r-- 1 root root 769K Jul 14 2014 /etc/pki/tls/certs/ca-bundle.crt [root@ns50xxxx ~]# ls -alh /etc/pki/tls/certs/ca-bundle.trust.crt -rw-r--r-- 1 root root 982K Jul 14 2014 /etc/pki/tls/certs/ca-bundle.trust.crt
ls -alh /etc/pki/tls/certs/ca-bundle.crt ls -alh /etc/pki/tls/certs/ca-bundle.trust.crt
Système d'exploitation CentOS Linux 6.6 Version de Webmin 1.680 Date et heure du système Fri Jan 16 09:42:28 2015 Noyau et CPU Linux 3.10.23-xxxx-std-ipv6-64 sur x86_64 Information sur le CPU Intel(R) Core(TM) i3-2130 CPU @ 3.40GHz, 4 cores Mémoire réelle 7.69 GB total, 1.09 GB utilisé Mises à jours de Paquet All installed packages are up to date
DNS lookup for noc1.wordfence.com returns: 69.46.36.8 STARTING CURL http CONNECTION TEST.... Curl connectivity test passed. STARTING CURL https CONNECTION TEST.... Curl connectivity test failed with response: Curl HTTP status: 0 Curl error code: 77 Curl Error: Problem with the SSL CA cert (path? access rights?) Starting wp_remote_post() test wp_remote_post() test to noc1.wordfence.com passed! Starting wp_remote_post() test wp_remote_post() test to noc1.wordfence.com failed! Response was: Problem with the SSL CA cert (path? access rights?)
Système d'exploitation CentOS Linux 6.6 Version de Webmin 1.680 Date et heure du système Fri Jan 16 09:42:28 2015 Noyau et CPU Linux 3.10.23-xxxx-std-ipv6-64 sur x86_64 Information sur le CPU Intel(R) Core(TM) i3-2130 CPU @ 3.40GHz, 4 cores Mémoire réelle 7.69 GB total, 1.09 GB utilisé Mises à jours de Paquet All installed packages are up to date