Metadata download error
Peter Schober
peter.schober at univie.ac.at
Thu Apr 3 11:38:56 EDT 2014
* Joy Veronneau <jv11 at cornell.edu> [2014-04-03 16:59]:
> wget https://media.library.cornell.edu/saml/index/sp-metadata
> --2014-04-03 10:39:26-- https://media.library.cornell.edu/saml/index/sp-metadata
> Resolving media.library.cornell.edu... 38.74.193.98
> Connecting to media.library.cornell.edu|38.74.193.98|:443... connected.
> ERROR: certificate common name `*.mediaspace.kaltura.com' doesn't match requested host name `media.library.cornell.edu'.
There's definitively something weird going on. That cert seems fine
when connecting with curl from a Debian Wheezy box:
$ curl -v https://media.library.cornell.edu/ -o /dev/null 2>&1 | fgrep -A6 'Server certificate'
* Server certificate:
* subject: C=US; postalCode=14853; ST=NY; L=Ithaca; O=Cornell University; OU=IT; CN=media.library.cornell.edu
* start date: 2014-02-25 00:00:00 GMT
* expire date: 2015-02-25 23:59:59 GMT
* subjectAltName: media.library.cornell.edu matched
* issuer: C=US; O=Internet2; OU=InCommon; CN=InCommon Server CA
* SSL certificate verify ok.
openssl sees a different cert, though:
$ openssl s_client -connect media.library.cornell.edu:443 < /dev/null 2>&1 | grep ^subject
subject=/OU=Domain Control Validated/CN=*.mediaspace.kaltura.com
With a different cert and a different cert chain (from godaddy, not the
InCommon CA via Comodo).
-peter
More information about the users
mailing list