Is it a legit CA or is it an MITM attack on a gateway level ?

Boris shtrasman borissh1983 at gmail.com
Thu Feb 17 16:31:50 IST 2011


Hi ,

Is it a legit CA or is it an MITM attack on a gateway level ?

Tested  - no arp poisoning.
Getting incorrect CA from google imap servers (but correct for https) I
belive that this some one on the infrastructure level.

~/ openssl s_client -connect imap.gmail.com:993 | openssl x509 -text | grep
Issuer
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
        Issuer: C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate
Authority, CN=FortiGate CA/emailAddress=support at fortinet.com

~/ openssl s_client -connect gmail.com:443 | openssl x509 -text | grep
Issuer

depth=1 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
verify error:num=20:unable to get local issuer certificate
verify return:0
        Issuer: C=ZA, O=Thawte Consulting (Pty) Ltd., CN=Thawte SGC CA
                CA Issuers - URI:
http://www.thawte.com/repository/Thawte_SGC_CA.crt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20110217/61b3993d/attachment.html>


More information about the Linux-il mailing list