[core@worker-1 ~]$ curl -vvI
https://cp4s.ocp.etele.com.ua/console* Trying 192.168.1.148...
* TCP_NODELAY set
* Connected to
cp4s.ocp.etele.com.ua (192.168.1.148) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here:
https://curl.haxx.se/docs/sslcerts.htmlcurl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
[root@nfs ~]# openssl s_client -showcerts -servername
cp4s.ocp.etele.com.ua -connect
cp4s.ocp.etele.com.ua:443CONNECTED(00000003)
depth=0 CN =
cp4s.ocp.etele.com.uaverify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN =
cp4s.ocp.etele.com.uaverify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/CN=
cp4s.ocp.etele.com.ua i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISBH2ERCgpFhKfblZVxBQfG9d8MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA0MjcwNzQ2MDNaFw0y
MDA3MjYwNzQ2MDNaMCAxHjAcBgNVBAMTFWNwNHMub2NwLmV0ZWxlLmNvbS51YTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANH52zOktGsXoSwEdaL3xjd+
Pdiuh12ciU9cY3xtzHk5tMombCkSZqhGcKNGril/luPbV9YZUB938+S+AKY61aGH
j1WGwfsmveklJV4ZFfE9SiLq5tSiLRMT8Ba/KsUlA4JBO4L7Kui1rmBqafh+/d8K
UM2muV5lQr/kL6xmKaMGk9xvBOTPXKOSnxcxwmGHEm7P2QMOS11/xuLvNTVIxgLb
mXH9hgq3R05EBB5ox9NqrcTFfmKbk2iT5taGFuO9jzdEwP0+w2zX3xNVC4qaHOxC
aVUEL0lgr3JXluv1EbIPA3bEqFPlIhuWFqvTmlb5s3HTJtjTsbB8bOOUH7sLSUcC
AwEAAaOCAmgwggJkMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUb43OXzC3F3id/Q7q
hK4usF+Bmx4wHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYB
BQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2Vu
Y3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2Vu
Y3J5cHQub3JnLzAgBgNVHREEGTAXghVjcDRzLm9jcC5ldGVsZS5jb20udWEwTAYD
VR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYa
aHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggECBgorBgEEAdZ5AgQCBIHzBIHw
AO4AdQCyHgXMi6LNiiBOh2b5K7mKJSBna9r6cOeySVMt74uQXgAAAXG60JMqAAAE
AwBGMEQCIDfWNf6nGrOUDfcstIiNWQVGhFG7Tgt+1EuKLPTG2jM7AiBurxxNI/Yx
+HHg54xSXIu+6WK2b3th9X1mwO/RsD3OawB1AOcS8rA3fhpi+47JDGGE8ep7N8tW
HREmW/Pg80vyQVRuAAABcbrQkzwAAAQDAEYwRAIgW+7SEi8FdojusHBhfZh0Nt91
Kz8GSvS5P2xeRmglNWoCIGymgnjpMGD1E2dQ99GfHqX3gMIKSE4dgh3CSTt1dhvj
MA0GCSqGSIb3DQEBCwUAA4IBAQCJNLl8vzg/JNDgS/gRMbKWBqIDqFYXx1RUYSee
SdO9WHMuZmP1y1mAPc+gn0p6qV84mni9q1oLITydpLseF/ZTj6YB+eZzCeBT+6/U
YqFYlK2F81Gbqm5Ft5SEsSm1s1rveyWEsFWTLoVvyZVkWL5lF6CTPwL/M/QpeMa1
9b0ETo268cHki00DU+LVhlufDODiGEWAmenXUp97w4m0k2ioWlq+oIYSqB0Ts3VJ
6cO3ip0Vm6IM2VyQqtl5042pc6IG7luwqv1XSv12JKv4MaZJioA7RGaRCMsZCz93
xdadLrzR9mVf6OcOlzsEgpFmyq0Q2m6N5VxDheiozkzjtpFp
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=
cp4s.ocp.etele.com.uaissuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2064 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 772693E846352FC40E6F4DADC5ACE029D8C8966CDEA57E04BF0C9500B4E65830
Session-ID-ctx:
Master-Key: 0B28755A7C9F0419F9EB6B2C00CE1C830957E2D841774A45D4EA28BA3C9468898AF65C6DF4E992FEC43D38EFCFA15901
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 7a e2 95 08 09 75 4b fb-4d d5 8e 9c 9c d1 e0 05 z....uK.M.......
0010 - 05 b2 14 26 ae d0 d0 52-c9 f8 64 8e b6 fd b8 19 ...&...R..d.....
0020 - 9e 1f 29 44 09 e7 78 08-ca ec a7 85 42 d5 b4 fa ..)D..x.....B...
0030 - 62 8e 11 d2 0a 7a a0 27-c9 4c e3 95 f8 55 49 ab b....z.'.L...UI.
0040 - cc 19 58 87 a4 9e 3c 4c-b1 d5 e4 7e 91 e2 e1 75 ..X...<L...~...u
0050 - 38 ae 0c 58 59 0c fc 0a-94 72 84 a1 e7 2b 2f 4f 8..XY....r...+/O
0060 - f4 76 08 eb 97 61 ab 5d-b5 f7 6b a9 67 84 a4 70 .v...a.]..k.g..p
0070 - ce ea 7a 7f 8a 61 6c 4d-f5 95 87 75 5a 94 db 52 ..z..alM...uZ..R
0080 - 3e a8 17 28 0e 42 10 62-f1 55 9e 2a 62 fc 81 9b >..(.B.b.U.*b...
0090 - 5e b4 8f 21 7b 21 ce 27-2d 09 9c d8 59 70 b0 1f ^..!{!.'-...Yp..
00a0 - cb 56 07 96 06 ec a6 31-de 77 a5 43 fc ad be 47 .V.....1.w.C...G
00b0 - b3 99 20 e0 09 20 ee aa-e9 07 6f 05 ec a7 2c 19 .. .. ....o...,.
Start Time: 1588078507
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
read:errno=0