Tag Archives: SSL

Display HTTPS X509 Cert from Linux CLI

Recently, while attempting a git pull, I was confronted with the following error:

Peer's certificate issuer has been marked as not trusted by the user.

The operation worked on a browser on my dev machine, and closer inspection revealed that the cert used to serve the GitLab service was valid, but for some reason the remote CentOS Linux server couldn’t pull from the remote.

I found this post on StackOverflow detailing how to retrieve the X509 cert used to secure an HTTPS connection:

echo | openssl s_client -showcerts -servername MyGitServer.org -connect MyGitServer.org:443 2>/dev/null | openssl x509 -inform pem -noout -text

This was my ticket to discover why Git on my CentOS server didn’t like the certificate: the CentOS host was resolving the wrong DNS host name, and therefore using an invalid cert for the service.
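A way to make that check repeatable, as an added example that is not part of the original post: the functions below read the `-text` output of the pipeline above and test whether the certificate's Subject Alternative Names cover the host you asked for. The function names, the `example.org` names and the sample certificate text are constructed for illustration.

```shell
# Constructed sample of `openssl x509 -noout -text` output (trimmed, not a real cert).
SAMPLE_CERT_TEXT='        Subject: CN = gitlab.example.org
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:gitlab.example.org, DNS:*.pages.example.org'

# Print the SAN DNS names, one per line, lower-cased. Reads the -text output on stdin.
cert_san_names() {
    grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' | tr 'A-Z' 'a-z'
}

# Succeed if hostname $1 matches a SAN name read from stdin. A wildcard counts
# only as the whole left-most label and covers exactly one label.
cert_covers_host() {
    local host wild san
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    wild=
    case "$host" in *.*) wild="*.${host#*.}" ;; esac
    while IFS= read -r san; do
        if [ "$san" = "$host" ]; then return 0; fi
        if [ -n "$wild" ] && [ "$san" = "$wild" ]; then return 0; fi
    done
    return 1
}

# Hypothetical wrapper: run the pipeline from the post against a live host, show
# which address this machine resolved, and report whether the cert covers the name.
check_https_cert() {
    local host port text
    host=$1; port=${2:-443}
    echo "resolves to: $(getent hosts "$host" | awk '{print $1}' | tr '\n' ' ')"
    text=$(echo | openssl s_client -servername "$host" -connect "$host:$port" 2>/dev/null \
        | openssl x509 -inform pem -noout -text) || return 2
    printf '%s\n' "$text" | grep -E 'Issuer:|Subject:|Not After'
    if printf '%s\n' "$text" | cert_san_names | cert_covers_host "$host"; then
        echo "OK: certificate covers $host"
    else
        echo "MISMATCH: certificate does not cover $host"
        return 1
    fi
}

# Offline demonstration on the constructed sample.
if printf '%s\n' "$SAMPLE_CERT_TEXT" | cert_san_names | cert_covers_host gitlab.example.org; then
    echo "sample: gitlab.example.org is covered"
fi
```

Running `check_https_cert MyGitServer.org` on both the working and the failing machine and comparing the resolved address and issuer lines shows whether the two hosts are talking to the same server.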

And now a Haiku:

http://i.imgur.com/eAwdKEC.png

Let’s Encrypt Setup

The “Let’s Encrypt” setup process is very painless: just clone a Git repo, run a command, and edit some Apache config files.

  1. sudo apt-get install git
  2. sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
  3. cd /opt/letsencrypt
  4. ./letsencrypt-auto --apache -d ccrossan.com -d www.ccrossan.com
  5. Edit the sites-enabled config files so that the appropriate virtual host uses the correct SSL certs.
  6. Delete the newly generated ssl.conf file
  7. Restart Apache
  8. [Optional] Set up Cron for auto-renew
  9. sudo crontab -e
  10. 30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

 

These commands are taken from the DigitalOcean Let’s Encrypt Setup Guide.