Hallo Marcus,
Am 07.04.2018 um 10:21 schrieb Marcus Roeckrath:
> Wenn du also von einem Client per https auf deinen lokalen Webserver
> (Apache?) zugreifst?
ja.
> Hast du ein eigenes Zerifikat für deinen Server erstellt?
evtl. vor Jahren, aber dieses wird nicht benutzt. cacert-Serverzertifikat, welches in certs als apache.pem
rumliegt, wird benutzt.
> Gibt es dafür ein CRL?
ja.
> Meint insbesondere, ob du aus der angegeben Anleitung im Wiki den folgenden
> Punkt abgearbeitet hast?
ja.
> Du hast dir ein öffentliches Zertifikat besorgt?
ja.
> Bitte mal die vollständige Kette und die details deines
> Server/Apache-Zertifikates.
*
│
│| certificate : apache.pem (d6c035ee)
│
│| subject : CN www.weltes.goip.de
│
│| issuer : O CAcert Inc. OU httpwww.CAcert.org CN CAcert Class 3 Root
│
│| MD5 f-print : 5C:F1:0F:2A:AA:8E:B7:35:CC:6D:F6:66:D6:40:E9:78
│
│| SHA1 f-print: 9F:07:02:AF:6F:D2:D9:98:C1:92:6D:C1:B6:F3:E7:71:8A:B5:AA:2C
│
│|
│
│+->| certificate : cacert-class-3-root.pem (590d426f)
│
│ | subject : O CAcert Inc. OU httpwww.CAcert.org CN CAcert Class 3 Root
│
│ | issuer : O Root CA OU httpwww.cacert.org CN CA Cert Signing Authority emailAddress
supportcacert.org │
│ | MD5 f-print : 73:3F:35:54:1D:44:C9:E9:5A:4A:EF:51:AD:03:06:B6
│
│ | SHA1 f-print: DB:4C:42:69:07:3F:E9:C2:A3:7D:89:0A:5C:1B:18:C4:18:4E:2A:2D
│
│ |
│
│ +->| certificate : cacert-class-1-root.pem (99d0fa06)
│
│ | subject : O Root CA OU httpwww.cacert.org CN CA Cert Signing Authority emailAddress
supportcacert.org │
│ | issuer : O Root CA OU httpwww.cacert.org CN CA Cert Signing Authority emailAddress
supportcacert.org │
│ | MD5 f-print : A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B
│
│ | SHA1 f-print: 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33
│
│ |
│
│ +-> end of chain!
│
│
│
│checking certificate chain:
│
│ apache.pem: OK
│
│ Last Update: Apr 5 23:26:12 2018 GMT
│
│ Next Update: Apr 12 23:26:12 2018 GMT
File name: /usr/local/ssl/certs/apache.pem
↑
│
▮
│Certificate:
▒
│ Data:
▒
│ Version: 3 (0x2)
▒
│ Serial Number: 173477 (0x2a5a5)
▒
│ Signature Algorithm: sha512WithRSAEncryption
▒
│ Issuer: O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root
▒
│ Validity
▒
│ Not Before: Jan 24 08:31:56 2017 GMT
▒
│ Not After : Jan 24 08:31:56 2019 GMT
▒
│ Subject: CN = www.weltes.goip.de
▒
│ Subject Public Key Info:
▒
│ Public Key Algorithm: rsaEncryption
▒
│ Public-Key: (2048 bit)
▒
│ Modulus:
▒
│ 00:af:d3:ba:88:42:12:f0:41:41:95:13:ac:ad:c6:
▒
│ c3:3d:31:32:60:d9:4c:a1:f9:72:69:1d:5f:21:11:
▒
│ 03:84:96:74:65:62:01:46:c2:3c:6b:28:23:ce:df:
▒
│ 4d:df:ed:a1:95:c2:fb:99:d6:1a:d7:5d:3b:bf:51:
▒
│ 00:5e:1c:85:82:4b:56:97:e6:85:28:99:55:ff:53:
▒
│ 07:30:e8:c8:1e:92:a0:66:0f:89:ba:2d:61:77:7e:
▒
│ 25:60:50:e1:9d:06:3c:c3:d6:82:b2:78:ef:57:12:
▒
│ 1c:65:90:12:8c:19:03:81:a9:02:65:b3:ce:ee:1d:
▒
│ 31:4f:e1:a0:5f:51:41:d6:3f:c7:28:36:da:a1:8a:
▒
│ 83:e4:fe:de:c7:a6:fd:e6:6c:57:aa:6a:62:e8:a3:
▒
│ d0:b3:c0:82:c1:cb:90:cb:1b:c5:c2:bc:85:02:c6:
▒
│ 81:31:a7:f2:72:6a:69:da:f4:d5:00:d3:11:d5:0d:
▒
│ ee:be:34:b9:fb:5a:10:cd:92:ab:56:36:28:d3:3d:
▒
│ 57:9a:8e:32:25:f4:7d:cd:5e:a6:b8:87:4d:c9:cb:
▒
│ 25:5b:8a:90:a6:6b:d3:2e:6e:0a:d9:fe:70:b9:82:
▒
│ 8c:2f:a9:34:c4:4d:22:e8:d9:94:79:ff:a7:8b:6f:
▒
│ 24:f0:c8:b8:60:22:37:de:3c:d0:d9:58:10:0a:97:
▒
│ 1a:5b
▒
│ Exponent: 65537 (0x10001)
▒
│ X509v3 extensions:
▒
│ X509v3 Basic Constraints: critical
▒
│ CA:FALSE
▒
│ X509v3 Key Usage: critical
▒
│ Digital Signature, Key Encipherment, Key Agreement
▒
│ X509v3 Extended Key Usage:
│ TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto,
Microsoft Server Gated Crypto ▒
│ Authority Information Access:
▒
│ OCSP - URI:http://ocsp.cacert.org/
▒
│
▒
│ X509v3 CRL Distribution Points:
▒
│
▒
│ Full Name:
▒
│ URI:http://crl.cacert.org/class3-revoke.crl
▒
│
▒
│ X509v3 Subject Alternative Name:
▒
│ DNS:www.weltes.goip.de, othername:<unsupported>
▒
│ Signature Algorithm: sha512WithRSAEncryption
▒
│ 41:2f:87:00:2b:02:47:16:31:c0:7d:65:da:01:29:73:15:4d:
▒
│ 21:65:6b:b8:86:80:1a:83:58:0e:69:c6:bb:07:a9:1b:bf:49:
▒
│ 68:07:f5:15:68:d0:d1:ad:07:45:55:6d:25:0e:36:52:12:69:
▒
│ 9a:24:fd:5e:a9:d8:d3:dc:be:d0:a6:60:cb:bc:9f:3d:26:9f:
▒
│ 0a:62:f4:29:2d:eb:a1:9c:30:85:d7:dc:af:18:dc:dd:bc:74:
▒
│ e3:44:3f:6c:e9:82:0a:7c:be:37:bd:19:7c:cd:f5:cc:42:4a:
▒
│ 0b:51:20:b7:71:fd:92:d7:dc:0c:b5:b6:c0:cc:cc:29:b3:8e:
▒
│ 27:b2:aa:1f:24:ce:1f:49:18:91:56:af:5e:ec:d9:89:44:3a:
▒
│ 44:6d:89:4f:a8:2d:98:cc:ec:fc:9b:e2:7d:da:a7:5c:23:10:
▒
│ 78:a6:71:fa:3f:1a:ce:94:5e:7d:a3:73:03:de:5c:24:70:e4:
▒
│ 81:f7:b6:09:d3:47:20:51:1d:58:42:14:6c:62:05:5a:77:2c:
▒
│ cc:db:53:7d:65:ee:ca:53:01:75:c5:15:e8:36:fc:8b:89:f1:
▒
│ 71:41:bc:39:0f:86:51:35:07:75:64:74:4a:02:06:ff:ec:10:
▒
│ e6:24:41:df:b1:68:52:1b:c9:95:54:b6:8c:65:23:cd:08:f5:
▒
│ 26:39:5a:bb:ca:91:5d:8d:e8:cf:d7:f9:1d:8f:d5:1f:d3:34:
▒
│ d3:ab:6e:4f:51:c9:aa:ba:e2:fa:7b:f3:a5:7c:56:3c:c9:85:
▒
│ a2:c6:60:88:4e:f0:41:ac:bb:cf:3b:b0:54:81:5b:26:7e:21:
▒
│ c6:e9:00:02:5b:36:29:94:20:1a:45:f7:bb:a6:7e:84:55:46:
▒
│ 1e:f8:ec:ba:e3:ae:e7:bf:1b:4c:a1:00:00:2f:6d:2a:85:dd:
▒
│ 83:bf:38:40:e7:61:61:56:40:75:47:99:36:bb:65:bd:2a:f8:
▒
│ da:74:61:9a:24:24:07:a8:74:24:64:91:17:d3:f0:9b:9c:2a:
▒
│ ec:80:cf:88:2a:88:2c:f1:49:f4:83:5e:02:57:63:c7:b1:16:
▒
│ 9b:08:42:77:a7:99:d2:5b:3c:7a:05:86:bf:2a:37:46:6d:24:
▒
│ a1:0c:24:b5:6f:75:b2:50:4c:c6:03:8d:ae:0e:5f:5d:fb:fd:
▒
│ 81:2f:cb:08:77:0a:18:fa:33:b2:64:1e:4c:24:3c:3e:ff:63:
▒
│ 78:18:3b:f4:b3:08:95:f1:32:8d:cd:99:dc:4c:08:b7:ed:10:
▮
│ e9:3f:69:25:97:12:f5:74:db:49:0f:25:a9:a6:4a:11:4a:98:
▒
│ 20:10:ee:80:97:de:bb:68:58:49:23:a0:07:41:1d:b0:57:2e:
↓
└ 09:4d:86:8d:13:6e:d6:cb
Danke,
Stefan