Drush: Unable to download from https://ftp.drupal.org/…
Like every widely deployed CMS, framework and other open-source web application, Drupal is the target of many attacks, and therefore receives many security updates that should be applied promptly. Drupal updates usually go smoothly and hold few surprises. This morning, however, the updates could not be applied: drush refuses to download any update at all.
    # drush pm-update
    Checking available update data ...                                        [ok]
    Update information last refreshed: Thu, 10/20/2016 - 11:55

    Update status information on all installed and enabled Drupal projects:
    Name                                                           Installed version  Proposed version   Status
    Administration menu (admin_menu)                               7.x-3.0-rc5        7.x-3.0-rc5        Up to date
    Backup and Migrate (backup_migrate)                            7.x-3.1            7.x-3.1            Up to date
    Drupal                                                         7.44               7.51               Update available
    wysiwyg_ckeditor                                               7.x-1.0-beta1      7.x-1.0-beta1      Up to date
    Content Access (content_access)                                7.x-1.2-beta2      7.x-1.2-beta2      Up to date
    Counter (counter)                                              7.x-1.0-beta3      7.x-1.0-beta3      Up to date
    Chaos tools (ctools)                                           7.x-1.11           7.x-1.11           Up to date
    Custom Search (custom_search)                                  7.x-1.20           7.x-1.20           Up to date
    Date (date)                                                    7.x-2.9            7.x-2.9            Up to date
    Entity API (entity)                                            7.x-1.8            7.x-1.8            Up to date
    Entity Reference (entityreference)                             7.x-1.2            7.x-1.2            Up to date
    Entity Reference View Widget (entityreference_view_widget)     7.x-2.0-rc7        7.x-2.0-rc7        Up to date
    EU Cookie Compliance (eu_cookie_compliance)                    7.x-1.14           7.x-1.14           Up to date
    IMCE (imce)                                                    7.x-1.10           7.x-1.10           Up to date
    IMCE Wysiwyg API bridge (imce_wysiwyg)                         7.x-1.0            7.x-1.0            Up to date
    Insert (insert)                                                7.x-1.3            7.x-1.3            Up to date
    Menu Per Role (menu_per_role)                                  7.x-1.x-dev        7.x-1.x-dev        Up to date
    Metatag (metatag)                                              7.x-1.17           7.x-1.17           Up to date
    Multiupload Filefield Widget (multiupload_filefield_widget)    7.x-1.13           7.x-1.13           Up to date
    No Current Password (nocurrent_pass)                           7.x-1.0            7.x-1.0            Up to date
    Responsive Tables (responsive_tables)                          7.x-2.x-dev        7.x-2.x-dev        Up to date
    Site map (site_map)                                            7.x-1.3            7.x-1.3            Up to date
    Superfish (superfish)                                          7.x-1.9            7.x-1.9            Up to date
    Taxonomy Access Control Lite (tac_lite)                        7.x-1.2            7.x-1.2            Up to date
    Token (token)                                                  7.x-1.6            7.x-1.6            Up to date
    Views (views)                                                  7.x-3.14           7.x-3.14           Up to date
    Views Ticker (views_ticker)                                    7.x-2.0            7.x-2.0            Up to date
    Visitors (visitors)                                            7.x-1.9            7.x-1.9            Up to date
    Webform (webform)                                              7.x-4.14           7.x-4.14           Up to date
    Webform multiple file (webform_multiple_file)                  7.x-1.0-beta4      7.x-1.0-beta4      Up to date
    Wysiwyg (wysiwyg)                                              7.x-2.2            7.x-2.2            Up to date
    XML sitemap (xmlsitemap)                                       7.x-2.3            7.x-2.3            Up to date
    professional-responsive-theme                                  7.x-1.0            7.x-1.0            Up to date

    Code updates will be made to drupal core.
    WARNING: Updating core will discard any modifications made to Drupal core files, most noteworthy among these are .htaccess and robots.txt.
    If you have made any modifications to these files, please back them up before updating so that you can re-create your modifications in the updated version of the file.
    Note: Updating core can potentially break your site. It is NOT recommended to update production sites without prior testing.

    Do you really want to continue? (y/n): y
    Unable to download drupal-7.51.tar.gz to /APPLI/web_drupal from https://ftp.drupal.org/files/projects/drupal-7.51.tar.gz    [error]
    Updating project drupal failed. Attempting to roll back to previously installed version.                                    [error]
    Backups were restored successfully.                                                                                         [ok]
We rerun the drush command with the -v option to try to get more detail.
    # drush -v pm-update
    Initialized Drupal 7.44 root directory at /APPLI/web_drupal               [notice]
    Initialized Drupal site default at sites/default                          [notice]
    Loading release_info engine.                                              [notice]
    Loading version_control engine.                                           [notice]
    Loading package_handler engine.                                           [notice]
    Executing: wget --version
    /usr/bin/php /usr/local/share/drush/drush.php --php=/usr/bin/php --backend=2 --verbose --root=/APPLI/web_drupal --uri=http://default batch-process 508 508 2>&1    [notice]
    Initialized Drupal 7.44 root directory at /APPLI/web_drupal               [notice]
    Initialized Drupal site default at sites/default                          [notice]
    Checking available update data ...                                        [ok]
    Checked available update data for Block.                                  [ok]
    Checked available update data for one project.                            [status]
    Command dispatch complete                                                 [notice]
    Undefined index: path drupal.inc:121                                      [notice]
    Update information last refreshed: Thu, 10/20/2016 - 12:17

    Update status information on all installed and enabled Drupal projects:
    Name                                                           Installed version  Proposed version   Status
    Administration menu (admin_menu)                               7.x-3.0-rc5        7.x-3.0-rc5        Up to date
    Backup and Migrate (backup_migrate)                            7.x-3.1            7.x-3.1            Up to date
    Drupal                                                         7.44               7.51               Update available
    CKEditor for WYSIWYG (wysiwyg_ckeditor)                        7.x-1.0-beta1      7.x-1.0-beta1      Up to date
    Content Access (content_access)                                7.x-1.2-beta2      7.x-1.2-beta2      Up to date
    Counter (counter)                                              7.x-1.0-beta3      7.x-1.0-beta3      Up to date
    Chaos tools (ctools)                                           7.x-1.11           7.x-1.11           Up to date
    Custom Search (custom_search)                                  7.x-1.20           7.x-1.20           Up to date
    Date (date)                                                    7.x-2.9            7.x-2.9            Up to date
    Entity API (entity)                                            7.x-1.8            7.x-1.8            Up to date
    Entity Reference (entityreference)                             7.x-1.2            7.x-1.2            Up to date
    Entity Reference View Widget (entityreference_view_widget)     7.x-2.0-rc7        7.x-2.0-rc7        Up to date
    EU Cookie Compliance (eu_cookie_compliance)                    7.x-1.14           7.x-1.14           Up to date
    IMCE (imce)                                                    7.x-1.10           7.x-1.10           Up to date
    IMCE Wysiwyg API bridge (imce_wysiwyg)                         7.x-1.0            7.x-1.0            Up to date
    Insert (insert)                                                7.x-1.3            7.x-1.3            Up to date
    Menu Per Role (menu_per_role)                                  7.x-1.x-dev        7.x-1.x-dev        Up to date
    Metatag (metatag)                                              7.x-1.17           7.x-1.17           Up to date
    Multiupload Filefield Widget (multiupload_filefield_widget)    7.x-1.13           7.x-1.13           Up to date
    No Current Password (nocurrent_pass)                           7.x-1.0            7.x-1.0            Up to date
    Responsive Tables (responsive_tables)                          7.x-2.x-dev        7.x-2.x-dev        Up to date
    Site map (site_map)                                            7.x-1.3            7.x-1.3            Up to date
    Superfish (superfish)                                          7.x-1.9            7.x-1.9            Up to date
    Taxonomy Access Control Lite (tac_lite)                        7.x-1.2            7.x-1.2            Up to date
    Token (token)                                                  7.x-1.6            7.x-1.6            Up to date
    Views (views)                                                  7.x-3.14           7.x-3.14           Up to date
    Views Ticker (views_ticker)                                    7.x-2.0            7.x-2.0            Up to date
    Visitors (visitors)                                            7.x-1.9            7.x-1.9            Up to date
    Webform (webform)                                              7.x-4.14           7.x-4.14           Up to date
    Webform multiple file (webform_multiple_file)                  7.x-1.0-beta4      7.x-1.0-beta4      Up to date
    Wysiwyg (wysiwyg)                                              7.x-2.2            7.x-2.2            Up to date
    XML sitemap (xmlsitemap)                                       7.x-2.3            7.x-2.3            Up to date
    Professional responsive theme (professional-responsive-theme)  7.x-1.0            7.x-1.0            Up to date

    Code updates will be made to drupal core.
    WARNING: Updating core will discard any modifications made to Drupal core files, most noteworthy among these are .htaccess and robots.txt.
    If you have made any modifications to these files, please back them up before updating so that you can re-create your modifications in the updated version of the file.
    Note: Updating core can potentially break your site. It is NOT recommended to update production sites without prior testing.

    Do you really want to continue? (y/n): y
    Executing: svn info /APPLI/web_drupal/drupal-7.51
    Executing: bzr root /APPLI/web_drupal/drupal-7.51
    Executing: wget --version
    Executing: wget -q --timeout=30 -O /tmp/download_fileHMDmNg https://ftp.drupal.org/files/projects/drupal-7.51.tar.gz
    Unable to download drupal-7.51.tar.gz to /APPLI/web_drupal from https://ftp.drupal.org/files/projects/drupal-7.51.tar.gz    [error]
    Updating project drupal failed. Attempting to roll back to previously installed version.
The problem evidently lies with the wget command, so we run it by hand without the -q (quiet) option to see what happens:
    # wget --timeout=30 -O /tmp/download_fileHMDmNg https://ftp.drupal.org/files/projects/drupal-7.51.tar.gz
    --2016-10-20 12:18:45--  https://ftp.drupal.org/files/projects/drupal-7.51.tar.gz
    Resolving ftp.drupal.org... 151.101.17.133
    Connecting to ftp.drupal.org|151.101.17.133|:443... connected.
    ERROR: cannot verify ftp.drupal.org's certificate, issued by '/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2':
      Unable to locally verify the issuer's authority.
    To connect to ftp.drupal.org insecurely, use '--no-check-certificate'.
wget cannot verify the SSL certificate of ftp.drupal.org. Using the --no-check-certificate option is always a bad idea, especially when downloading software that is destined to go live on a production server, since verifying the SSL certificate is the only way to make sure we are connected to the legitimate site.
The server runs CentOS (and is therefore derived from Red Hat Enterprise Linux); we update the ca-certificates package with yum and that does the trick.
    # yum update ca-certificates
    Loaded plugins: fastestmirror, security
    Loading mirror speeds from cached hostfile
     * base: mirrors.ircam.fr
     * extras: mirrors.ircam.fr
     * updates: centos.quelquesmots.fr
    Setting up Update Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package ca-certificates.noarch 0:2010.63-3.el6_1.5 will be updated
    ---> Package ca-certificates.noarch 0:2015.2.6-65.0.1.el6_7 will be an update
    --> Processing Dependency: p11-kit-trust >= 0.18.4-2 for package: ca-certificates-2015.2.6-65.0.1.el6_7.noarch
    --> Processing Dependency: p11-kit >= 0.18.4-2 for package: ca-certificates-2015.2.6-65.0.1.el6_7.noarch
    --> Running transaction check
    ---> Package p11-kit.x86_64 0:0.18.5-2.el6_5.2 will be installed
    ---> Package p11-kit-trust.x86_64 0:0.18.5-2.el6_5.2 will be installed
    --> Processing Conflict: p11-kit-trust-0.18.5-2.el6_5.2.x86_64 conflicts nss < 3.14.3-33
    --> Restarting Dependency Resolution with new changes.
    --> Running transaction check
    ---> Package nss.x86_64 0:3.13.3-6.el6 will be updated
    --> Processing Dependency: nss = 3.13.3-6.el6 for package: nss-tools-3.13.3-6.el6.x86_64
    --> Processing Dependency: nss = 3.13.3-6.el6 for package: nss-sysinit-3.13.3-6.el6.x86_64
    ---> Package nss.x86_64 0:3.21.0-8.el6 will be an update
    --> Processing Dependency: nss-util >= 3.21.0 for package: nss-3.21.0-8.el6.x86_64
    --> Processing Dependency: nss-softokn(x86-64) >= 3.14.3-22 for package: nss-3.21.0-8.el6.x86_64
    --> Processing Dependency: nspr >= 4.11.0 for package: nss-3.21.0-8.el6.x86_64
    --> Processing Dependency: libnssutil3.so(NSSUTIL_3.21)(64bit) for package: nss-3.21.0-8.el6.x86_64
    --> Processing Dependency: libnssutil3.so(NSSUTIL_3.17.1)(64bit) for package: nss-3.21.0-8.el6.x86_64
    --> Processing Dependency: libnssutil3.so(NSSUTIL_3.15)(64bit) for package: nss-3.21.0-8.el6.x86_64
    --> Processing Dependency: libnssutil3.so(NSSUTIL_3.14)(64bit) for package: nss-3.21.0-8.el6.x86_64
    --> Running transaction check
    ---> Package nspr.x86_64 0:4.9-1.el6 will be updated
    ---> Package nspr.x86_64 0:4.11.0-1.el6 will be an update
    ---> Package nss-softokn.x86_64 0:3.12.9-11.el6 will be updated
    ---> Package nss-softokn.x86_64 0:3.14.3-23.3.el6_8 will be an update
    --> Processing Dependency: nss-softokn-freebl(x86-64) >= 3.14.3-23.3.el6_8 for package: nss-softokn-3.14.3-23.3.el6_8.x86_64
    ---> Package nss-sysinit.x86_64 0:3.13.3-6.el6 will be updated
    ---> Package nss-sysinit.x86_64 0:3.21.0-8.el6 will be an update
    ---> Package nss-tools.x86_64 0:3.13.3-6.el6 will be updated
    ---> Package nss-tools.x86_64 0:3.21.0-8.el6 will be an update
    ---> Package nss-util.x86_64 0:3.13.3-2.el6 will be updated
    ---> Package nss-util.x86_64 0:3.21.0-2.el6 will be an update
    --> Running transaction check
    ---> Package nss-softokn-freebl.i686 0:3.14.3-23.el6_7 will be updated
    ---> Package nss-softokn-freebl.x86_64 0:3.14.3-23.el6_7 will be updated
    ---> Package nss-softokn-freebl.i686 0:3.14.3-23.3.el6_8 will be an update
    ---> Package nss-softokn-freebl.x86_64 0:3.14.3-23.3.el6_8 will be an update
    --> Finished Dependency Resolution

    Dependencies Resolved

    ================================================================================
     Package               Arch      Version                   Repository     Size
    ================================================================================
    Updating:
     ca-certificates       noarch    2015.2.6-65.0.1.el6_7     base          1.2 M
     nss                   x86_64    3.21.0-8.el6              base          859 k
    Installing for dependencies:
     p11-kit               x86_64    0.18.5-2.el6_5.2          base           94 k
     p11-kit-trust         x86_64    0.18.5-2.el6_5.2          base           71 k
    Updating for dependencies:
     nspr                  x86_64    4.11.0-1.el6              base          114 k
     nss-softokn           x86_64    3.14.3-23.3.el6_8         updates       262 k
     nss-softokn-freebl    i686      3.14.3-23.3.el6_8         updates       157 k
     nss-softokn-freebl    x86_64    3.14.3-23.3.el6_8         updates       168 k
     nss-sysinit           x86_64    3.21.0-8.el6              base           47 k
     nss-tools             x86_64    3.21.0-8.el6              base          437 k
     nss-util              x86_64    3.21.0-2.el6              base           67 k

    Transaction Summary
    ================================================================================
    Install       2 Package(s)
    Upgrade       9 Package(s)

    Total download size: 3.5 M
    Is this ok [y/N]: y
    Downloading Packages:
    (1/11): ca-certificates-2015.2.6-65.0.1.el6_7.noarch.rpm      | 1.2 MB     00:00
    (2/11): nspr-4.11.0-1.el6.x86_64.rpm                          | 114 kB     00:00
    (3/11): nss-3.21.0-8.el6.x86_64.rpm                           | 859 kB     00:00
    (4/11): nss-softokn-3.14.3-23.3.el6_8.x86_64.rpm              | 262 kB     00:00
    (5/11): nss-softokn-freebl-3.14.3-23.3.el6_8.i686.rpm         | 157 kB     00:00
    (6/11): nss-softokn-freebl-3.14.3-23.3.el6_8.x86_64.rpm       | 168 kB     00:00
    (7/11): nss-sysinit-3.21.0-8.el6.x86_64.rpm                   |  47 kB     00:00
    (8/11): nss-tools-3.21.0-8.el6.x86_64.rpm                     | 437 kB     00:00
    (9/11): nss-util-3.21.0-2.el6.x86_64.rpm                      |  67 kB     00:00
    (10/11): p11-kit-0.18.5-2.el6_5.2.x86_64.rpm                  |  94 kB     00:00
    (11/11): p11-kit-trust-0.18.5-2.el6_5.2.x86_64.rpm            |  71 kB     00:00
    --------------------------------------------------------------------------------
    Total                                                4.0 MB/s | 3.5 MB     00:00
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction
      Updating   : nspr-4.11.0-1.el6.x86_64                                     1/20
      Updating   : nss-util-3.21.0-2.el6.x86_64                                 2/20
      Updating   : nss-softokn-freebl-3.14.3-23.3.el6_8.x86_64                  3/20
      Installing : p11-kit-0.18.5-2.el6_5.2.x86_64                              4/20
      Updating   : nss-softokn-3.14.3-23.3.el6_8.x86_64                         5/20
      Updating   : nss-3.21.0-8.el6.x86_64                                      6/20
      Updating   : nss-sysinit-3.21.0-8.el6.x86_64                              7/20
      Installing : p11-kit-trust-0.18.5-2.el6_5.2.x86_64                        8/20
      Updating   : ca-certificates-2015.2.6-65.0.1.el6_7.noarch                 9/20
      Updating   : nss-tools-3.21.0-8.el6.x86_64                               10/20
      Updating   : nss-softokn-freebl-3.14.3-23.3.el6_8.i686                   11/20
      Cleanup    : ca-certificates-2010.63-3.el6_1.5.noarch                    12/20
      Cleanup    : nss-softokn-freebl-3.14.3-23.el6_7                          13/20
      Cleanup    : nss-tools-3.13.3-6.el6.x86_64                               14/20
      Cleanup    : nss-sysinit-3.13.3-6.el6.x86_64                             15/20
      Cleanup    : nss-3.13.3-6.el6.x86_64                                     16/20
      Cleanup    : nss-softokn-3.12.9-11.el6.x86_64                            17/20
      Cleanup    : nss-util-3.13.3-2.el6.x86_64                                18/20
      Cleanup    : nspr-4.9-1.el6.x86_64                                       19/20
      Cleanup    : nss-softokn-freebl-3.14.3-23.el6_7                          20/20
      Verifying  : p11-kit-0.18.5-2.el6_5.2.x86_64                              1/20
      Verifying  : nss-util-3.21.0-2.el6.x86_64                                 2/20
      Verifying  : nss-3.21.0-8.el6.x86_64                                      3/20
      Verifying  : nss-softokn-3.14.3-23.3.el6_8.x86_64                         4/20
      Verifying  : nss-sysinit-3.21.0-8.el6.x86_64                              5/20
      Verifying  : nss-softokn-freebl-3.14.3-23.3.el6_8.x86_64                  6/20
      Verifying  : nss-softokn-freebl-3.14.3-23.3.el6_8.i686                    7/20
      Verifying  : nss-tools-3.21.0-8.el6.x86_64                                8/20
      Verifying  : ca-certificates-2015.2.6-65.0.1.el6_7.noarch                 9/20
      Verifying  : nspr-4.11.0-1.el6.x86_64                                    10/20
      Verifying  : p11-kit-trust-0.18.5-2.el6_5.2.x86_64                       11/20
      Verifying  : nss-softokn-freebl-3.14.3-23.el6_7.i686                     12/20
      Verifying  : nspr-4.9-1.el6.x86_64                                       13/20
      Verifying  : nss-3.13.3-6.el6.x86_64                                     14/20
      Verifying  : nss-softokn-freebl-3.14.3-23.el6_7.x86_64                   15/20
      Verifying  : nss-sysinit-3.13.3-6.el6.x86_64                             16/20
      Verifying  : nss-tools-3.13.3-6.el6.x86_64                               17/20
      Verifying  : ca-certificates-2010.63-3.el6_1.5.noarch                    18/20
      Verifying  : nss-util-3.13.3-2.el6.x86_64                                19/20
      Verifying  : nss-softokn-3.12.9-11.el6.x86_64                            20/20

    Dependency Installed:
      p11-kit.x86_64 0:0.18.5-2.el6_5.2
      p11-kit-trust.x86_64 0:0.18.5-2.el6_5.2

    Updated:
      ca-certificates.noarch 0:2015.2.6-65.0.1.el6_7
      nss.x86_64 0:3.21.0-8.el6

    Dependency Updated:
      nspr.x86_64 0:4.11.0-1.el6
      nss-softokn.x86_64 0:3.14.3-23.3.el6_8
      nss-softokn-freebl.i686 0:3.14.3-23.3.el6_8
      nss-softokn-freebl.x86_64 0:3.14.3-23.3.el6_8
      nss-sysinit.x86_64 0:3.21.0-8.el6
      nss-tools.x86_64 0:3.21.0-8.el6
      nss-util.x86_64 0:3.21.0-2.el6

    Complete!
Out of curiosity, let's check the certificate presented by the ftp.drupal.org server, using a combination of openssl commands:
    # openssl s_client -servername ftp.drupal.org -connect ftp.drupal.org:443 </dev/null | openssl x509 -text
    depth=2 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
    verify return:1
    depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
    verify return:1
    depth=0 C = US, ST = California, L = San Francisco, O = "Fastly, Inc.", CN = b2-alt.shared.global.fastly.net
    verify return:1
    DONE
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                75:af:9d:81:e7:15:88:b9:43:ec:c6:9d
            Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
            Validity
                Not Before: Oct 17 21:38:06 2016 GMT
                Not After : Jan 17 21:38:06 2017 GMT
            Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=b2-alt.shared.global.fastly.net
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        [...]
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Key Usage: critical
                    Digital Signature, Key Encipherment
                Authority Information Access:
                    CA Issuers - URI:http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt
                    OCSP - URI:http://ocsp2.globalsign.com/gsorganizationvalsha2g2
                X509v3 Certificate Policies:
                    Policy: 1.3.6.1.4.1.4146.1.20
                      CPS: https://www.globalsign.com/repository/
                    Policy: 2.23.140.1.2.2
                X509v3 Basic Constraints:
                    CA:FALSE
                X509v3 Subject Alternative Name:
                    DNS:b2-alt.shared.global.fastly.net, DNS:*.4ormat.com, DNS:*.about.com, DNS:*.ak.yelpassets.com, DNS:*.ak.yelpcdn.com, DNS:*.asana.com, DNS:*.bigcartel.biz, DNS:*.bigcartel.com, DNS:*.blendle.com, DNS:*.blendle.nl, DNS:*.blendlecdn.com, DNS:*.buzzfeed.com, DNS:*.caloriecount.com, DNS:*.donorschoose.net, DNS:*.donorschoose.org, DNS:*.drupal.org, DNS:*.fetlife.com, DNS:*.fl.yelpassets.com, DNS:*.fl.yelpcdn.com, DNS:*.format-app.com, DNS:*.format-assets.com, DNS:*.format-staging.com, DNS:*.format.com, DNS:*.ft.com, DNS:*.global.ssl.fastly.net, DNS:*.gofundme.com, DNS:*.imzy.com, DNS:*.jwpsrv.com, DNS:*.kickstarter.com, DNS:*.lifewire.com, DNS:*.livestream.com, DNS:*.matterport.com, DNS:*.msf.org.ar, DNS:*.oswego.edu, DNS:*.perfectlyposh.com, DNS:*.picmonkey.com, DNS:*.pottermore.com, DNS:*.pubnub.com, DNS:*.rabb.it, DNS:*.relaymedia.com, DNS:*.safaribooksonline.com, DNS:*.stage.yelpcdn.com, DNS:*.supercall.com, DNS:*.thebalance.com, DNS:*.thestreet.com, DNS:*.thrillist.com, DNS:*.tqn.com, DNS:*.universe.com, DNS:*.unsplash.com, DNS:*.verywell.com, DNS:*.vimeocdn.com, DNS:*.wework.com, DNS:*.yelpassets.com, DNS:4ormat.com, DNS:about.com, DNS:actionsprout.io, DNS:admin.mybanktracker.com, DNS:ak.yelpassets.com, DNS:ak.yelpcdn.com, DNS:api.tictail.com, DNS:app.betterimpactcdn.com, DNS:app.brainshark.com, DNS:asana.com, DNS:asset-beacon.lumosity.com, DNS:asset-bpt.lumosity.com, DNS:asset-hcp.lumosity.com, DNS:asset.lumosity.com, DNS:assets.pipelinedeals.com, DNS:blendle.com, DNS:blendle.nl, DNS:blendlecdn.com, DNS:boards-cdn.greenhouse.io, DNS:cdn.glassons.com, DNS:cdn.greenhouse.io, DNS:cdn.hallensteins.com, DNS:cdn.newsendit.com, DNS:cdn.ravenjs.com, DNS:cdn.spaces.hightail.com, DNS:cdn.stormonline.com, DNS:custom-hls.iheart.com, DNS:donorschoose.org, DNS:drupal.org, DNS:drwil.co, DNS:embed.yelpcdn.com, DNS:fast.appcues.com, DNS:fastly.hightailcdn.com, DNS:fetlife.com, DNS:fl.yelpassets.com, DNS:foo.drwilco.net, DNS:format-app.com, DNS:format-staging.com, DNS:format.com, DNS:ft.com, DNS:gofundme.com, DNS:kredo.com, DNS:lifewire.com, DNS:livestream.com, DNS:m.eharmony.com, DNS:matterport.com, DNS:mybanktracker.com, DNS:pubnub.com, DNS:rabb.it, DNS:s.t.st, DNS:safaribooksonline.com, DNS:secure.common.csnimages.com, DNS:secure.common.csnstores.com, DNS:secure.img.josscdn.com, DNS:secure.img.wfcdn.com, DNS:secure.img.wfrcdn.com, DNS:secure.img1.josscdn.com, DNS:secure.img1.wfrcdn.com, DNS:secure.img2.josscdn.com, DNS:secure.img2.wfrcdn.com, DNS:stage.yelpcdn.com, DNS:teamtreehouse.com, DNS:thebalance.com, DNS:ugc-embed.yelpcdn.com, DNS:unsplash.com, DNS:verywell.com, DNS:wework.com, DNS:wfcdn.com, DNS:www.cheapcheapmovingboxes.com, DNS:www.eharmony.ca, DNS:www.eharmony.co.uk, DNS:www.eharmony.com, DNS:www.eharmony.com.au, DNS:www.everplans.com, DNS:www.iheart.com, DNS:www.joyent.com, DNS:www.kredo.com, DNS:www.lostmy.name, DNS:www.mapbox.com, DNS:www.mybanktracker.com, DNS:www.rticcoolers.com, DNS:wwwqa.brainshark.com, DNS:yelpassets.com
                X509v3 Extended Key Usage:
                    TLS Web Server Authentication, TLS Web Client Authentication
                X509v3 Subject Key Identifier:
                    5F:1E:5F:C8:9F:16:0E:13:86:E8:20:72:C6:56:07:71:BA:48:4D:B2
                X509v3 Authority Key Identifier:
                    keyid:96:DE:61:F1:BD:1C:16:29:53:1C:C0:CC:7D:3B:83:00:40:E6:1A:7C

        Signature Algorithm: sha256WithRSAEncryption
             [...]
    -----BEGIN CERTIFICATE-----
    [...]
    -----END CERTIFICATE-----
As we can see, the certificate's validity starts at 'Not Before: Oct 17 21:38:06 2016 GMT', which means the certificate was renewed three days ago, with a certification authority that was unknown on the server we were working on.
The certificate's 'CN' (b2-alt.shared.global.fastly.net) suggests that this is a shared SSL certificate, which is confirmed by the long list of domains in the 'X509v3 Subject Alternative Name' field of the output above.
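Why a certificate whose CN is b2-alt.shared.global.fastly.net is still acceptable for ftp.drupal.org: clients match the requested host name against the Subject Alternative Name entries, and a wildcard entry covers exactly one left-most label. The script below is an added example, not part of the original post; its function names and the trimmed sample certificate text are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration: does a certificate cover a host name, judged by its SAN list?

# Constructed sample: fields trimmed from the `openssl x509 -text` output shown on
# this page (only four of the SAN entries are kept).
sample_cert_text() {
    cat <<'EOF'
Certificate:
    Data:
        Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
        Validity
            Not Before: Oct 17 21:38:06 2016 GMT
            Not After : Jan 17 21:38:06 2017 GMT
        Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=b2-alt.shared.global.fastly.net
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:b2-alt.shared.global.fastly.net, DNS:*.drupal.org, DNS:*.global.ssl.fastly.net, DNS:drupal.org
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
EOF
}

# cert_issuer: read `openssl x509 -text` output on stdin, print the issuer DN.
# This is the CA that must chain to a root present in the local trust store.
cert_issuer() {
    sed -n 's/^[[:space:]]*Issuer:[[:space:]]*//p' | head -n 1
}

# san_names: read `openssl x509 -text` output on stdin, print one DNS SAN per line.
san_names() {
    awk '
        /X509v3 Subject Alternative Name/ { grab = 1; next }
        grab {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                entry = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", entry)
                if (entry ~ /^DNS:/) print tolower(substr(entry, 5))
            }
            grab = 0
        }'
}

# name_matches PATTERN HOST: exact match, or a "*." wildcard that stands for
# exactly one left-most label (so *.drupal.org does not cover drupal.org itself
# nor a.b.drupal.org).
name_matches() {
    nm_pattern=$1
    nm_host=$2
    case $nm_pattern in
        '*.'*)
            nm_suffix=${nm_pattern#\*}            # e.g. ".drupal.org"
            nm_label=${nm_host%"$nm_suffix"}      # what the wildcard would stand for
            [ "$nm_label" != "$nm_host" ] || return 1   # host does not end in the suffix
            [ -n "$nm_label" ] || return 1              # wildcard needs a non-empty label
            case $nm_label in *.*) return 1 ;; esac     # more than one label
            return 0
            ;;
        *)
            [ "$nm_pattern" = "$nm_host" ]
            ;;
    esac
}

# cert_covers_host HOST: certificate text on stdin. Prints the first SAN entry
# that covers HOST and returns 0, or prints nothing and returns 1.
cert_covers_host() {
    cch_host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    san_names | while IFS= read -r cch_name; do
        if name_matches "$cch_name" "$cch_host"; then
            printf '%s\n' "$cch_name"
            break
        fi
    done | grep .
}

# Demo on the constructed sample.
echo "issuer: $(sample_cert_text | cert_issuer)"
for h in ftp.drupal.org drupal.org a.b.drupal.org; do
    if m=$(sample_cert_text | cert_covers_host "$h"); then
        echo "$h: covered by SAN entry $m"
    else
        echo "$h: not covered by any SAN entry"
    fi
done
```

To check the live certificate, pipe the output of the openssl command shown earlier on this page into `cert_covers_host ftp.drupal.org`. A name match says nothing about trust: the failure on this page was the issuer missing from the local CA bundle, which only the ca-certificates update resolved.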
You can also view the SSL certificate in your favourite web browser, but it is still handy to see it directly from the console.