Closed dkg closed 8 years ago
@dkg this is strange, it works perfectly for me.
➜ ~ gnutls-cli publicsuffix.org
Processed 193 CA certificate(s).
Resolving 'publicsuffix.org'...
Connecting to '63.245.213.24:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
- subject `C=US,ST=California,L=Mountain View,O=Mozilla Foundation,CN=static-san.mozilla.org', issuer `C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure Server CA', RSA key 2048 bits, signed using RSA-SHA256, activated `2014-02-06 00:00:00 UTC', expires `2016-11-22 12:00:00 UTC', SHA-1 fingerprint `fd1ca36f891030e35132f769b2d922c087722ee3'
Public Key ID:
614c1be77c78318a333a8c9a8172eb4bf217751e
Public key's random art:
+--[ RSA 2048]----+
| o . o |
| o B o o |
| O = o |
| . o.oE+ o |
|o o ..+oS. |
|.. =. .. |
|. = . |
| = . |
| +o |
+-----------------+
- Certificate[1] info:
- subject `C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure Server CA', issuer `C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert Global Root CA', RSA key 2048 bits, signed using RSA-SHA256, activated `2013-03-08 12:00:00 UTC', expires `2023-03-08 12:00:00 UTC', SHA-1 fingerprint `1fb86b1168ec743154062e8c9cc5b171a4b7ccb4'
- Certificate[2] info:
- subject `C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert Global Root CA', issuer `C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert Global Root CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2006-11-10 00:00:00 UTC', expires `2031-11-10 00:00:00 UTC', SHA-1 fingerprint `a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c5436'
- Status: The certificate is trusted.
This is the certificate I get, and it contains publicsuffix.org in the SAN. https://censys.io/certificates/fc44201ab280c080aacccd8b4a1374020da8587cdff56dae397bea08415c0ad4
Can you try with a different machine?
Can't reproduce.
It looks to me like there's a cert mismatch on https://publicsuffix.org
Looking at the offered cer, i see it has the following SANs: