Is it a legit CA or is it an MITM attack on a gateway level ?
Boris shtrasman
borissh1983 at gmail.com
Thu Feb 17 16:31:50 IST 2011
Hi ,
Is it a legit CA or is it an MITM attack on a gateway level ?
Tested - no arp poisoning.
Getting incorrect CA from google imap servers (but correct for https) I
belive that this some one on the infrastructure level.
~/ openssl s_client -connect imap.gmail.com:993 | openssl x509 -text | grep
Issuer
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate
Authority, CN=FortiGate CA/emailAddress=support at fortinet.com
~/ openssl s_client -connect gmail.com:443 | openssl x509 -text | grep
Issuer
depth=1 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
verify error:num=20:unable to get local issuer certificate
verify return:0
Issuer: C=ZA, O=Thawte Consulting (Pty) Ltd., CN=Thawte SGC CA
CA Issuers - URI:
http://www.thawte.com/repository/Thawte_SGC_CA.crt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20110217/61b3993d/attachment.html>
More information about the Linux-il
mailing list