search

kubernetes / registry.k8s.io

This project is the repo for registry.k8s.io, the production OCI registry service for Kubernetes' container image artifacts
https://registry.k8s.io
Apache License 2.0
403 stars 73 forks source link

Unable to download docker images from registry.k8s.io due to x509: certificate is not valid for any names, but wanted to match prod-registry-k8s-io-ap-south-1.s3.dualstack.ap-south-1.amazonaws.com #264

Closed yagyeshp closed 1 year ago

yagyeshp commented 1 year ago

Is there an existing issue for this?

What did you expect to happen?

Image should have been downloaded, but stick in below error.

docker pull registry.k8s.io/kube-scheduler:v1.26.9 v1.26.9: Pulling from kube-scheduler a7ca0d9ba68f: Already exists fe5ca62666f0: Already exists b02a7525f878: Already exists fcb6f6d2c998: Already exists e8c73c638ae9: Already exists 1e3d9b7d1452: Already exists 4aa0ea1413d3: Already exists 7c881f9ab25e: Already exists 5627a970d25e: Already exists 167eb620404e: Already exists 23d25d10ce41: Retrying in 1 second error pulling image configuration: download failed after attempts=6: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match prod-registry-k8s-io-ap-south-1.s3.dualstack.ap-south-1.amazonaws.com

Debugging Information

dig registry.k8s.io working

TL;DR

;; ANSWER SECTION: registry.k8s.io. 764 IN A 34.96.108.209

curl -v https://registry.k8s.io/v2/ working

TL;DR

GET /v2/ HTTP/2 Host: registry.k8s.io user-agent: curl/7.68.0 accept: /

  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • old SSL session ID is stale, removing
  • Connection state changed (MAX_CONCURRENT_STREAMS == 100)! < HTTP/2 200 < docker-distribution-api-version: registry/2.0 < x-cloud-trace-context: 529ad23c3077eb99aaddb7b7a87f384e < date: Tue, 10 Oct 2023 04:38:49 GMT < content-type: text/html < server: Google Frontend < content-length: 0 < via: 1.1 google, 1.1 google < alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 <
  • Connection #0 to host registry.k8s.io left intact

Anything else?

When trying to check ssl certificate of prod-registry-k8s-io-ap-south-1.s3.dualstack.ap-south-1.amazonaws.com by below command, its giving following errors -- verify error:num=20:unable to get local issuer certificate -- verify error:num=21:unable to verify the first certificate

openssl s_client -showcerts -connect prod-registry-k8s-io-ap-south-1.s3.dualstack.ap-south-1.amazonaws.com:443 </dev/null

CONNECTED(00000003)
depth=0 CN = untangle
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = untangle
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = untangle
verify return:1
---
Certificate chain
 0 s:CN = untangle
   i:C = US, ST = California, L = Sunnyvale, O = Untangle, OU = Security, CN = www.untangle.com
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1
   v:NotBefore: Jan  2 03:04:05 2010 GMT; NotAfter: Jan  2 03:04:05 2038 GMT
-----BEGIN CERTIFICATE-----
MIIDiDCCAnCgAwIBAgIIFAJXJkkAAAAwDQYJKoZIhvcNAQEFBQAwdzELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTER
MA8GA1UEChMIVW50YW5nbGUxETAPBgNVBAsTCFNlY3VyaXR5MRkwFwYDVQQDExB3
d3cudW50YW5nbGUuY29tMB4XDTEwMDEwMjAzMDQwNVoXDTM4MDEwMjAzMDQwNVow
EzERMA8GA1UEAxMIdW50YW5nbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCue1N+lqJX2p1/tSOhMwFZsFxmVuOFqb4RiCYG+n6VUsERL7A2zt3uzom+
KgmcACMnDnmAhZsfTpLEZzBWT5o1uqfiAWj4TBXbo1EU0vaHn9jwp5kC+sNkzVmJ
1M7pJ/B9dL2jcpY17OEKm72a4hZPlo6q+FnjR2o8XWjeSbeNDC5lo22lA14KwjeK
UufScnIyQmEAC+tq4QvpXwt6lWyFPHqARWv0tlkoRrtAtXQB7/Yg92j5B1FG2mUl
Zq3/HqlEBb3o7hPjIzXK6HZcX5IOFdFS5nMPkHbkI9PMr8fp4EEjZGnZ84f78HL5
d8ONqT3ZMDjbHBNcsNfyNHfwI2OzAgMBAAGjfDB6MAkGA1UdEwQCMAAwLQYJYIZI
AYb4QgENBCAWHlVudGFuZ2xlIENlcnRpZmljYXRlIEF1dGhvcml0eTAdBgNVHQ4E
FgQUffPtvUkw2RgzJmRzufEYZZHq/hwwHwYDVR0jBBgwFoAUo3aMax6f0Bs2Vy2M
CaXqmORZQ4kwDQYJKoZIhvcNAQEFBQADggEBAKqn9Q+T3N2G4NaehiGZ3WVroskf
bIUadeZsKOYv0HryIfCrtZRqz1W3Wi3z4y4s8gXDWZ5s/XayldkYhEMtBxHUfMUr
zetYP19c1GgPjrxUXZHoWzjOPFQnkZvIWx53UzbJicjgE5CYlwbemVS7F2SrPyof
jc7xMgflFZhQkELeWngSQIlKg3iChVFfkF0FIOVm7upuUHhGN4xqacNjFXPqQSav
ccjM42EJ4k4HX+HpKenZ96Y3rsE3FMl6teJ6MgbXXrH+v3oMK8qoS4JYAqiRrbpQ
HbxBHSnPZUeVIPjgQlUh3Dzzmy649M9rLUWnhFlAdgFJmrtPtsh0tduM3dY=
-----END CERTIFICATE-----
---
Server certificate
subject=CN = untangle
issuer=C = US, ST = California, L = Sunnyvale, O = Untangle, OU = Security, CN = www.untangle.com
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1440 bytes and written 455 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
---
DONE

Code of Conduct

dims commented 1 year ago

@yagyeshp you have a firewall that gets in the way ( https://www.google.com/search?q=%22www.untangle.com%22 ).

See my output below:

$ openssl s_client -showcerts -connect prod-registry-k8s-io-ap-south-1.s3.dualstack.ap-south-1.amazonaws.com:443 </dev/null

CONNECTED(00000005)
depth=2 C = US, O = Amazon, CN = Amazon Root CA 1
verify return:1
depth=1 C = US, O = Amazon, CN = Amazon RSA 2048 M01
verify return:1
depth=0 CN = *.s3.ap-south-1.amazonaws.com
verify return:1
---
Certificate chain
 0 s:CN = *.s3.ap-south-1.amazonaws.com
   i:C = US, O = Amazon, CN = Amazon RSA 2048 M01
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Apr 11 00:00:00 2023 GMT; NotAfter: Dec 13 23:59:59 2023 GMT
-----BEGIN CERTIFICATE-----
MIIIBjCCBu6gAwIBAgIQAVPFh8Jboj9pYzqcIT8iuzANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTAxMB4XDTIzMDQxMTAwMDAwMFoXDTIzMTIxMzIzNTk1OVowKDEm
MCQGA1UEAwwdKi5zMy5hcC1zb3V0aC0xLmFtYXpvbmF3cy5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6k1ksrZMEA/XW48HiqsZXAWqBPS8UKFGK
MtQxuBFmzPXSeoLPzKcRR5hrFsvdViFFLHxJ3M6eEuthMNkLLyJLahAAbLLVrTnQ
lSEHdIiq05Ax05TJRbIqSgGyIRy+IglIXVu7qlV8xpiIAQ4phrvYPoApobLp8qHQ
HyJ3EbhIroOzocdx0AkcGNGr+++k8ai9Kiz/gN4djL36/SDutdOyhR0AelChY6yI
VKrZyVKKROo2Q9CE4jk1Uy5xM0krtJDcVvPcRkQN45kcsrQVplVFp+F1bf9St/O4
4VdsUkXZ22GMNslbv5qa5oMFAzN1/Rxsvox8vPvs0JQ+leReHzU3AgMBAAGjggUW
MIIFEjAfBgNVHSMEGDAWgBSBuA5jiokSGOX6OztQlZ/m5ZAThTAdBgNVHQ4EFgQU
IJ7OT82YJg+HMmBWbY25YbMVje8wggJHBgNVHREEggI+MIICOoIdKi5zMy5hcC1z
b3V0aC0xLmFtYXpvbmF3cy5jb22CG3MzLmFwLXNvdXRoLTEuYW1hem9uYXdzLmNv
bYIdKi5zMy1hcC1zb3V0aC0xLmFtYXpvbmF3cy5jb22CG3MzLWFwLXNvdXRoLTEu
YW1hem9uYXdzLmNvbYInKi5zMy5kdWFsc3RhY2suYXAtc291dGgtMS5hbWF6b25h
d3MuY29tgiVzMy5kdWFsc3RhY2suYXAtc291dGgtMS5hbWF6b25hd3MuY29tghIq
LnMzLmFtYXpvbmF3cy5jb22CJSouczMtY29udHJvbC5hcC1zb3V0aC0xLmFtYXpv
bmF3cy5jb22CI3MzLWNvbnRyb2wuYXAtc291dGgtMS5hbWF6b25hd3MuY29tgi8q
LnMzLWNvbnRyb2wuZHVhbHN0YWNrLmFwLXNvdXRoLTEuYW1hem9uYXdzLmNvbYIt
czMtY29udHJvbC5kdWFsc3RhY2suYXAtc291dGgtMS5hbWF6b25hd3MuY29tgikq
LnMzLWFjY2Vzc3BvaW50LmFwLXNvdXRoLTEuYW1hem9uYXdzLmNvbYIzKi5zMy1h
Y2Nlc3Nwb2ludC5kdWFsc3RhY2suYXAtc291dGgtMS5hbWF6b25hd3MuY29tgigq
LnMzLWRlcHJlY2F0ZWQuYXAtc291dGgtMS5hbWF6b25hd3MuY29tgiZzMy1kZXBy
ZWNhdGVkLmFwLXNvdXRoLTEuYW1hem9uYXdzLmNvbTAOBgNVHQ8BAf8EBAMCBaAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyG
Kmh0dHA6Ly9jcmwucjJtMDEuYW1hem9udHJ1c3QuY29tL3IybTAxLmNybDATBgNV
HSAEDDAKMAgGBmeBDAECATB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0
dHA6Ly9vY3NwLnIybTAxLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0
cDovL2NydC5yMm0wMS5hbWF6b250cnVzdC5jb20vcjJtMDEuY2VyMAwGA1UdEwEB
/wQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB1AOg+0No+9QY1MudXKLyJ
a8kD08vREWvs62nhd31tBr1uAAABh3Igs4sAAAQDAEYwRAIgZYWu3T7vDF+SFgx+
tZl46h7dpc3ivcgcT7k9DkUmSuoCIBqjb+mgAv+DCsmBFOD3EpogkXU4vdSi2N2p
V3wmT6ZpAHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAGHciCz
xwAABAMARzBFAiBsfaZJVUuMVY7iyIC7lsk/Wsts0ab9uRqNO9S//jSTdgIhAKZu
Tscz56YkJMsxk/f1rb4Lp1egjt/cnalvPRQs619SAHYAejKMVNi3LbYg6jjgUh7p
hBZwMhOFTTvSK8E6V6NS61IAAAGHciCzQAAABAMARzBFAiEA6YlrUHuC/TH7GzEy
Xcjyozu8EHHZvs8FGk/HpK/xflkCIGNfTqzw1Xjob8hgouBDYY+UiYAxRxtRoEv8
NSVBQ3VQMA0GCSqGSIb3DQEBCwUAA4IBAQCrOJacYA7GejH8AEDiDR2mLZKFSbL0
292Tn25iJDZFf+0TBVzikrNVxi6DSmxRo4qCmjxu2PphFE0HxJuymz9VhBhR9tzu
BgpjTQ88RICmHZW6GcgTGMdjc0QGjUU9DC0cEqSU9nI3rvK8kUdgzBSIFUag5cnB
xtRX5MLxFYX18OrWLXOHsWY6Cpnh1mh29d9ymt7m5BAe/aO4lBV0P0wIKNJlgvKV
sH1W8l7d2Y1Q8fc4S5wwmPYHoaXjSYrAf0cL6+AjCGEIkWbS2dz4mGQ/rabxE6/u
+C+PPRz2/i5GnuOdmgh5T7Z4nQoNWTu+xWqRQypdYyx1aXlMvHgB6s6v
-----END CERTIFICATE-----
 1 s:C = US, O = Amazon, CN = Amazon RSA 2048 M01
   i:C = US, O = Amazon, CN = Amazon Root CA 1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug 23 22:21:28 2022 GMT; NotAfter: Aug 23 22:21:28 2030 GMT
-----BEGIN CERTIFICATE-----
MIIEXjCCA0agAwIBAgITB3MSOAudZoijOx7Zv5zNpo4ODzANBgkqhkiG9w0BAQsF
ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
b24gUm9vdCBDQSAxMB4XDTIyMDgyMzIyMjEyOFoXDTMwMDgyMzIyMjEyOFowPDEL
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEcMBoGA1UEAxMTQW1hem9uIFJT
QSAyMDQ4IE0wMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOtxLKnL
H4gokjIwr4pXD3i3NyWVVYesZ1yX0yLI2qIUZ2t88Gfa4gMqs1YSXca1R/lnCKeT
epWSGA+0+fkQNpp/L4C2T7oTTsddUx7g3ZYzByDTlrwS5HRQQqEFE3O1T5tEJP4t
f+28IoXsNiEzl3UGzicYgtzj2cWCB41eJgEmJmcf2T8TzzK6a614ZPyq/w4CPAff
nAV4coz96nW3AyiE2uhuB4zQUIXvgVSycW7sbWLvj5TDXunEpNCRwC4kkZjK7rol
jtT2cbb7W2s4Bkg3R42G3PLqBvt2N32e/0JOTViCk8/iccJ4sXqrS1uUN4iB5Nmv
JK74csVl+0u0UecCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYD
VR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNV
HQ4EFgQUgbgOY4qJEhjl+js7UJWf5uWQE4UwHwYDVR0jBBgwFoAUhBjMhTTsvAyU
lC4IWZzHshBOCggwewYIKwYBBQUHAQEEbzBtMC8GCCsGAQUFBzABhiNodHRwOi8v
b2NzcC5yb290Y2ExLmFtYXpvbnRydXN0LmNvbTA6BggrBgEFBQcwAoYuaHR0cDov
L2NydC5yb290Y2ExLmFtYXpvbnRydXN0LmNvbS9yb290Y2ExLmNlcjA/BgNVHR8E
ODA2MDSgMqAwhi5odHRwOi8vY3JsLnJvb3RjYTEuYW1hem9udHJ1c3QuY29tL3Jv
b3RjYTEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMA0GCSqGSIb3DQEBCwUAA4IB
AQCtAN4CBSMuBjJitGuxlBbkEUDeK/pZwTXv4KqPK0G50fOHOQAd8j21p0cMBgbG
kfMHVwLU7b0XwZCav0h1ogdPMN1KakK1DT0VwA/+hFvGPJnMV1Kx2G4S1ZaSk0uU
5QfoiYIIano01J5k4T2HapKQmmOhS/iPtuo00wW+IMLeBuKMn3OLn005hcrOGTad
hcmeyfhQP7Z+iKHvyoQGi1C0ClymHETx/chhQGDyYSWqB/THwnN15AwLQo0E5V9E
SJlbe4mBlqeInUsNYugExNf+tOiybcrswBy8OFsd34XOW3rjSUtsuafd9AWySa3h
xRRrwszrzX/WWGm6wyB+f7C4
-----END CERTIFICATE-----
 2 s:C = US, O = Amazon, CN = Amazon Root CA 1
   i:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 25 12:00:00 2015 GMT; NotAfter: Dec 31 01:00:00 2037 GMT
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgITBn+USionzfP6wq4rAfkI7rnExjANBgkqhkiG9w0BAQsF
ADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNj
b3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4x
OzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1
dGhvcml0eSAtIEcyMB4XDTE1MDUyNTEyMDAwMFoXDTM3MTIzMTAxMDAwMFowOTEL
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
jgSubJrIqg0CAwEAAaOCATEwggEtMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
BAQDAgGGMB0GA1UdDgQWBBSEGMyFNOy8DJSULghZnMeyEE4KCDAfBgNVHSMEGDAW
gBScXwDfqgHXMCs4iKK4bUqc8hGRgzB4BggrBgEFBQcBAQRsMGowLgYIKwYBBQUH
MAGGImh0dHA6Ly9vY3NwLnJvb3RnMi5hbWF6b250cnVzdC5jb20wOAYIKwYBBQUH
MAKGLGh0dHA6Ly9jcnQucm9vdGcyLmFtYXpvbnRydXN0LmNvbS9yb290ZzIuY2Vy
MD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwucm9vdGcyLmFtYXpvbnRydXN0
LmNvbS9yb290ZzIuY3JsMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsF
AAOCAQEAYjdCXLwQtT6LLOkMm2xF4gcAevnFWAu5CIw+7bMlPLVvUOTNNWqnkzSW
MiGpSESrnO09tKpzbeR/FoCJbM8oAxiDR3mjEH4wW6w7sGDgd9QIpuEdfF7Au/ma
eyKdpwAJfqxGF4PcnCZXmTA5YpaP7dreqsXMGz7KQ2hsVxa81Q4gLv7/wmpdLqBK
bRRYh5TmOTFffHPLkIhqhBGWJ6bt2YFGpn6jcgAKUj6DiAdjd4lpFw85hdKrCEVN
0FE6/V1dN2RMfjCyVSRCnTawXZwXgWHxyvkQAiSr6w10kY17RSlQOYiypok1JR4U
akcjMS9cmvqtmg5iUaQqqcT5NJ0hGA==
-----END CERTIFICATE-----
 3 s:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
   i:C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  2 00:00:00 2009 GMT; NotAfter: Jun 28 17:39:16 2034 GMT
-----BEGIN CERTIFICATE-----
MIIEdTCCA12gAwIBAgIJAKcOSkw0grd/MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
BAYTAlVTMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTIw
MAYDVQQLEylTdGFyZmllbGQgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTAeFw0wOTA5MDIwMDAwMDBaFw0zNDA2MjgxNzM5MTZaMIGYMQswCQYDVQQGEwJV
UzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UE
ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE7MDkGA1UEAxMyU3RhcmZp
ZWxkIFNlcnZpY2VzIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVDDrEKvlO4vW+GZdfjohTsR8/
y8+fIBNtKTrID30892t2OGPZNmCom15cAICyL1l/9of5JUOG52kbUpqQ4XHj2C0N
Tm/2yEnZtvMaVq4rtnQU68/7JuMauh2WLmo7WJSJR1b/JaCTcFOD2oR0FMNnngRo
Ot+OQFodSk7PQ5E751bWAHDLUu57fa4657wx+UX2wmDPE1kCK4DMNEffud6QZW0C
zyyRpqbn3oUYSXxmTqM6bam17jQuug0DuDPfR+uxa40l2ZvOgdFFRjKWcIfeAg5J
Q4W2bHO7ZOphQazJ1FTfhy/HIrImzJ9ZVGif/L4qL8RVHHVAYBeFAlU5i38FAgMB
AAGjgfAwge0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0O
BBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMB8GA1UdIwQYMBaAFL9ft9HO3R+G9FtV
rNzXEMIOqYjnME8GCCsGAQUFBwEBBEMwQTAcBggrBgEFBQcwAYYQaHR0cDovL28u
c3MyLnVzLzAhBggrBgEFBQcwAoYVaHR0cDovL3guc3MyLnVzL3guY2VyMCYGA1Ud
HwQfMB0wG6AZoBeGFWh0dHA6Ly9zLnNzMi51cy9yLmNybDARBgNVHSAECjAIMAYG
BFUdIAAwDQYJKoZIhvcNAQELBQADggEBACMd44pXyn3pF3lM8R5V/cxTbj5HD9/G
VfKyBDbtgB9TxF00KGu+x1X8Z+rLP3+QsjPNG1gQggL4+C/1E2DUBc7xgQjB3ad1
l08YuW3e95ORCLp+QCztweq7dp4zBncdDQh/U90bZKuCJ/Fp1U1ervShw3WnWEQt
8jxwmKy6abaVd38PMV4s/KCHOkdp8Hlf9BRUpJVeEXgSYCfOn8J3/yNTd126/+pZ
59vPr5KW7ySaNRB6nJHGDn2Z9j8Z3/VyVOEVqQdZe4O/Ui5GjLIAZHYcSNPYeehu
VsyuLAOQ1xk4meTKCRlb/weWsKh/NEnfVqn3sF/tM+2MR7cwA130A4w=
-----END CERTIFICATE-----
---
Server certificate
subject=CN = *.s3.ap-south-1.amazonaws.com
issuer=C = US, O = Amazon, CN = Amazon RSA 2048 M01
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 6021 bytes and written 497 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 5D0FD05AABFD4B2717D15D490903CDF7A36844B6C2D75B1B0C3D02C3B8566702
    Session-ID-ctx:
    Master-Key: 1E1BD989DFAACE7DB17734D276FC02B23319183194441862F3743DD65B87D53392A3A91FA64C525C99F0D1EDC923BC38
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1696938346
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
DONE
yagyeshp commented 1 year ago

@dims Sir, you are right. I now got it working by getting it fixed by network team.