https://hg.nginx.org certificate error ?
Maxim Dounin
mdounin at mdounin.ru
Tue Apr 9 13:34:59 UTC 2019
Hello!
On Tue, Apr 09, 2019 at 09:17:47AM -0400, George wrote:
> Hi when I try to clone njs repo I am getting the error below
>
> hg clone https://hg.nginx.org/njs/
> abort: hg.nginx.org certificate error: certificate is for *.nginx.com,
> nginx.com
> (configure hostfingerprint
> bd:90:5e:95:b4:51:d8:0b:b0:36:41:6f:99:a7:80:01:4e:cf:ee:c2 or use
> --insecure to connect insecurely)
Looks like you are using an outdated hg without SNI support.
Either upgrade, or use http / --insecure / whatever.
> and
>
> echo -n | openssl s_client -connect hg.nginx.org:443
> CONNECTED(00000003)
> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
> verify return:1
> depth=0 CN = *.nginx.com
> verify return:1
> ---
> Certificate chain
> 0 s:/CN=*.nginx.com
> i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> i:/O=Digital Signature Trust Co./CN=DST Root CA X3
> ---
That's fine, try
openssl s_client -connect hg.nginx.org:443 -servername hg.nginx.org
instead.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list