Hi, title says it all.

> openssl s_client -showcerts -connect mirror.openshift.com:443
CONNECTED(00000003)
depth=0 serialNumber = VJ007OqVUpqL6ncl1rzkriz-yvA8kCKR, C = US, ST = North Carolina, L = Raleigh, O = Red Hat Inc, OU = RHC Cloud Operations, CN = mirror.openshift.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 serialNumber = VJ007OqVUpqL6ncl1rzkriz-yvA8kCKR, C = US, ST = North Carolina, L = Raleigh, O = Red Hat Inc, OU = RHC Cloud Operations, CN = mirror.openshift.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 serialNumber = VJ007OqVUpqL6ncl1rzkriz-yvA8kCKR, C = US, ST = North Carolina, L = Raleigh, O = Red Hat Inc, OU = RHC Cloud Operations, CN = mirror.openshift.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/serialNumber=VJ007OqVUpqL6ncl1rzkriz-yvA8kCKR/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc/OU=RHC Cloud Operations/CN=mirror.openshift.com
   i:/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA
---
Server certificate
subject=/serialNumber=VJ007OqVUpqL6ncl1rzkriz-yvA8kCKR/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc/OU=RHC Cloud Operations/CN=mirror.openshift.com
issuer=/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA
---
No client certificate CA names sent
---
SSL handshake has read 2063 bytes and written 370 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID: 72C424803516AB34C05FC22ABBE5738065F27275DCBAE3684BDA9EE20CA19038
    Session-ID-ctx:
    Master-Key: 8024BF6062495ABAE4D173DA66A9086C20E7430500C0DD657144801C8F55D5D52795C9CD20FC30BA7E8EDE11B133FBD3
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Compression: 1 (zlib compression)
    Start Time: 1350815015
    Timeout : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
^C
Yep, missed that step when installing the certificates. Have intermediate certs, and I'm fixing it now.
Fixed
=====

> openssl s_client -showcerts -connect mirror.openshift.com:443
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = "GeoTrust, Inc.", CN = GeoTrust SSL CA
verify return:1
depth=0 serialNumber = VJ007OqVUpqL6ncl1rzkriz-yvA8kCKR, C = US, ST = North Carolina, L = Raleigh, O = Red Hat Inc, OU = RHC Cloud Operations, CN = mirror.openshift.com
verify return:1
---
Certificate chain
 0 s:/serialNumber=VJ007OqVUpqL6ncl1rzkriz-yvA8kCKR/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc/OU=RHC Cloud Operations/CN=mirror.openshift.com
   i:/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA
...
...
...
    Compression: 1 (zlib compression)
    Start Time: 1351027768
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
Tested this issue on devenv_2377, it has been fixed now, thanks.

[root@ip-10-12-181-214 ~]# openssl s_client -showcerts -connect mirror.openshift.com:443
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = "GeoTrust, Inc.", CN = GeoTrust SSL CA
verify return:1
depth=0 serialNumber = VJ007OqVUpqL6ncl1rzkriz-yvA8kCKR, C = US, ST = North Carolina, L = Raleigh, O = Red Hat Inc, OU = RHC Cloud Operations, CN = mirror.openshift.com
verify return:1
---
Certificate chain
 0 s:/serialNumber=VJ007OqVUpqL6ncl1rzkriz-yvA8kCKR/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc/OU=RHC Cloud Operations/CN=mirror.openshift.com
   i:/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA
....
....
    Compression: 1 (zlib compression)
    Start Time: 1351141069
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---
closed
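
Added example (not part of the original thread): a shell function that tells the two kinds of transcript above apart by counting the certificates the server sent under "Certificate chain" and reading the verify return code. The sample transcripts are constructed and abridged from the output above; entry 1 of the fixed chain is an assumption inferred from the depth=1 and depth=2 lines, and the verdict names are hypothetical.

```sh
#!/bin/sh
# Added example: classify saved `openssl s_client -showcerts` output.
# Heuristic: code 20/21 with only the leaf under "Certificate chain" means the
# client could not find the issuer of the leaf and the server did not send it.

chain_status() {            # reads an s_client transcript on stdin
    awk '
        /^Certificate chain/        { in_chain = 1; next }
        in_chain && /^---/          { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/  { certs++ }   # one "N s:" line per cert sent
        /Verify return code:/       { code = $0
                                      sub(/.*Verify return code: */, "", code)
                                      sub(/ .*/, "", code) }
        END {
            if (code == "") { print "no-result"; exit }
            code += 0
            if (code == 0)                                     verdict = "ok"
            else if ((code == 20 || code == 21) && certs <= 1) verdict = "incomplete-chain"
            else                                               verdict = "verify-failed"
            printf "%s certs=%d code=%d\n", verdict, certs, code
        }'
}

sample_broken() {           # constructed: abridged from the first transcript
cat <<'EOF'
Certificate chain
 0 s:/CN=mirror.openshift.com
   i:/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA
---
    Verify return code: 21 (unable to verify the first certificate)
EOF
}

sample_fixed() {            # constructed: entry 1 is assumed, the page elides it
cat <<'EOF'
Certificate chain
 0 s:/CN=mirror.openshift.com
   i:/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA
 1 s:/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---
    Verify return code: 0 (ok)
EOF
}

sample_broken | chain_status
sample_fixed  | chain_status
```

Against a live host, pipe the real command into it: `openssl s_client -showcerts -connect host:443 </dev/null 2>/dev/null | chain_status`.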