CONTENT

CHANGES

Szukaj

#top Przydatne informacje¶

#top Timeout¶

#top Load Balancing with HAProxy¶

#top Apache behind HAProxy¶

Zobacz także Apache behind HAProxy dla: HAProxy (HAProxy)

W niniejszej konfiguracji HAProxy odbiera połączenia przychodzące na port 80 i w zależności od rodzaju żądania
przekierowywuje je do Apache prefork na port 81 lub Apache worker na port 82:

Plik konfiguracyjny /etc/httpd/httpd.conf:

#
# PidFile: The file in which the server should record its process
# identification number when it starts.  Note the PIDFILE variable in
# /etc/sysconfig/httpd must be set appropriately if this location is
# changed.
#
<IfModule prefork.c>
PidFile /var/run/httpd/httpd1.pid
</IfModule>
<IfModule worker.c>
PidFile /var/run/httpd/httpd2.pid
</IfModule>

[...]

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
<IfModule prefork.c>
Listen 81
</IfModule>
<IfModule worker.c>
Listen 82
</IfModule>

Plik konfiguracyjny /etc/httpd/httpd.conf:

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
SetEnvIf Remote_Addr "^(.*)$" ENVRemote=$1
SetEnvIf X-Forwarded-For "(::ffff:)?([0-9][0-9\.]*|[0-9a-f][0-9a-f:]*)$" ENVRemote=$2
LogFormat "%{ENVRemote}e %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedpe
LogFormat "%V %{ENVRemote}e %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vcombinedpe

[...]

#
# Use name-based virtual hosting.
#
<IfModule prefork.c>
NameVirtualHost *:81
</IfModule>
<IfModule worker.c>
NameVirtualHost *:82
</IfModule>

Plik konfiguracyjny /etc/httpd/vhosts/01-cen06x64.xen.wbcd.pl.conf:

<VirtualHost *:81 *:82>
ServerName  cen06x64
ServerAlias cen06x64.xen.wbcd.pl
ServerAlias static.cen06x64.xen.wbcd.pl
ServerAdmin admin@cen06x64.xen.wbcd.pl
ServerPath   /srv/http/vhosts/cen06x64.xen.wbcd.pl
DocumentRoot /srv/http/vhosts/cen06x64.xen.wbcd.pl/
ErrorLog  /var/log/httpd/cen06x64_xen_wbcd_pl-error.log
CustomLog /var/log/httpd/cen06x64_xen_wbcd_pl-access.log combinedpe
</VirtualHost>

Zgodnie z RFC 7239 - Forwarded HTTP Header Field

A proxy server that wants to add a new "Forwarded" header field value
can either append it to the last existing "Forwarded" header field
after a comma separator or add a new field at the end of the header block.

oraz dokumentacją na stronie X-Forwarded-For (mozilla.org)

Syntax
X-Forwarded-For: <client>, <proxy1>, <proxy2>

adres IP klienta jest pierwszym adresem na liście w nagłówku HTTP X-Forwarded-For. Natomiast adres IP klienta łączącego się do serwera WWW jest ostatnim adresem IP na liście w nagłówku HTTP X-Forwarded-For dodanym przez serwer HAProxy, który przekazuje odebrane żądanie HTTP do serwera WWW i ten adres zostanie zapisany w logach access serwera.

Aby w logach access serwera Apache zamiast adresu serwera Proxy zapisywany był adres klienta łączącego się poprzez Proxy niezbędne jest zastosowanie dyrektyw warunkowych SetEnvIf ustawiających adres IP klienta w zmiennych środowiskowych, a następnie w dyrektywie LogFormat zamiana Format String zawierającego Remote host na przygotowaną wcześniej zmienną środowiskową (Zobacz sekcję LogFormat).

#top TLS SNI¶

Detailed Processing

Before there is even an SSL handshake, Apache finds the best match for the IP address and TCP port the connection is established on (IP-based virtual hosting)

If there is a NameVirtualHost (NameVirtualHost) directive that has the same literal arguments as this best-matching VirtualHost (VirtualHost), Apache will instead consider ALL VirtualHost (VirtualHost) entries with identical arguments to the matched VirtualHost (VirtualHost). Otherwise, SNI processing has no selection to perform.

If the client sends a hostname along with its TLS handshake request, Apache will compare this TLS hostname to the ServerName/ServerAlias (ServerName/ServerAlias) of the candidate VirtualHost (VirtualHost) set determined in the preceding steps.

Whichever VirtualHost (VirtualHost) is selected on the preceding basis will have its SSL configuration used to continue the handshake. Notably, the contents of the certificates are not used in any comparison.

This process mimics the normal (albet misundersood) consecutive application of IP-based, then name-based, vhost matching algorithms used with HTTP, except that the input is the TLS data and not an HTTP header.

EXAMPLES
Server configuration

# Ensure that Apache listens on port 443
Listen 443
    
# Listen for virtual host requests on all IP addresses
NameVirtualHost *:443

# Go ahead and accept connections for these vhosts
# from non-SNI clients
SSLStrictSNIVHostCheck off

<VirtualHost *:443>
  # Because this virtual host is defined first, it will
  # be used as the default if the hostname is not received
  # in the SSL handshake, e.g. if the browser doesn't support
  # SNI.
  DocumentRoot /www/example1
  ServerName www.example.com

  # Other directives here

</VirtualHost>

<VirtualHost *:443>
  DocumentRoot /www/example2
  ServerName www.example2.org

  # Other directives here

</VirtualHost>

#top SNI config¶

#top Apache/2.2.15 - CentOS 6 - config¶

<VirtualHost *:443>
ServerName cen06x64.xen.wbcd.pl
ServerAlias cen06x64.xen.wbcd.pl
ServerAdmin admin@cen06x64.xen.wbcd.pl
ServerPath /srv/http/vhosts/cen06x64.xen.wbcd.pl
DocumentRoot /srv/http/vhosts/cen06x64.xen.wbcd.pl/
ErrorLog /var/log/httpd/cen06x64_xen_wbcd_pl-ssl-error.log
CustomLog /var/log/httpd/cen06x64_xen_wbcd_pl-ssl-access.log combined

SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCertificateFile    /etc/pki/tls/certs/cen06x64.xen.wbcd.pl.crt
SSLCertificateKeyFile /etc/pki/tls/certs/cen06x64.xen.wbcd.pl.key
SSLCACertificateFile  /etc/pki/tls/certs/ca-bundle.crt

BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

<VirtualHost *:443>
ServerName cen06x64a.xen.wbcd.pl
ServerAlias cen06x64a1.xen.wbcd.pl cen06x64a2.xen.wbcd.pl cen06x64a3.xen.wbcd.pl
ServerAdmin admin@cen06x64.xen.wbcd.pl
ServerPath /srv/http/vhosts/cen06x64.xen.wbcd.pl
DocumentRoot /srv/http/vhosts/cen06x64.xen.wbcd.pl/
ErrorLog /var/log/httpd/cen06x64_xen_wbcd_pl-ssl-error.log
CustomLog /var/log/httpd/cen06x64_xen_wbcd_pl-access.log combinedpe

SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCertificateFile    /etc/pki/tls/certs/cen06x64a.xen.wbcd.pl.pem
SSLCertificateKeyFile /etc/pki/tls/certs/cen06x64a.xen.wbcd.pl.pem
SSLCACertificateFile  /etc/pki/tls/certs/ca-bundle.crt

BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

<VirtualHost *:443>
ServerName cen06x64b.xen.wbcd.pl
ServerAlias cen06x64b1.xen.wbcd.pl cen06x64b2.xen.wbcd.pl cen06x64b3.xen.wbcd.pl
ServerAdmin admin@cen06x64.xen.wbcd.pl
ServerPath /srv/http/vhosts/cen06x64.xen.wbcd.pl
DocumentRoot /srv/http/vhosts/cen06x64.xen.wbcd.pl/
ErrorLog /var/log/httpd/cen06x64_xen_wbcd_pl-ssl-error.log
CustomLog /var/log/httpd/cen06x64_xen_wbcd_pl-access.log combinedpe

SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4:RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile    /etc/pki/tls/certs/cen06x64b.xen.wbcd.pl.pem
SSLCertificateKeyFile /etc/pki/tls/certs/cen06x64b.xen.wbcd.pl.pem
SSLCACertificateFile  /etc/pki/tls/certs/ca-bundle.crt

BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

<VirtualHost *:443>
ServerName cen06x64c.xen.wbcd.pl
ServerAlias cen06x64c1.xen.wbcd.pl cen06x64c2.xen.wbcd.pl cen06x64c3.xen.wbcd.pl
ServerAdmin admin@cen06x64.xen.wbcd.pl
ServerPath /srv/http/vhosts/cen06x64.xen.wbcd.pl
DocumentRoot /srv/http/vhosts/cen06x64.xen.wbcd.pl/
ErrorLog /var/log/httpd/cen06x64_xen_wbcd_pl-ssl-error.log
CustomLog /var/log/httpd/cen06x64_xen_wbcd_pl-access.log combinedpe

SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4:RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile    /etc/pki/tls/certs/cen06x64c.xen.wbcd.pl.pem
SSLCertificateKeyFile /etc/pki/tls/certs/cen06x64c.xen.wbcd.pl.pem
SSLCACertificateFile  /etc/pki/tls/certs/ca-bundle.crt

BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

#top Apache/2.4.6 - CentOS 7 - config¶

## Listen: Allows you to bind Apache to specific IP addresses and/or
## ports, in addition to the default. See also the VirtualHost command
<VirtualHost *:443>
ServerName cen07x64.xen.wbcd.pl
ServerAlias cen07x64.xen.wbcd.pl
ServerAdmin admin@cen07x64.xen.wbcd.pl
ServerPath /srv/http/vhosts/cen07x64.xen.wbcd.pl
DocumentRoot /srv/http/vhosts/cen07x64.xen.wbcd.pl/
ErrorLog /var/log/httpd/cen07x64_xen_wbcd_pl-ssl-error.log
CustomLog /var/log/httpd/cen07x64_xen_wbcd_pl-ssl-access.log combined

SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite  ALL:!ADH:!EXPORT:!SSLv2:!RC4:!RSA:!aNULL:!eNULL:!EXP:!NULL:!DES:!SSLv2:+TLSv1:+HIGH:+MEDIUM
SSLCertificateFile    /etc/pki/tls/certs/cen07x64.xen.wbcd.pl.crt
SSLCertificateKeyFile /etc/pki/tls/certs/cen07x64.xen.wbcd.pl.key
SSLCACertificateFile  /etc/pki/tls/certs/ca-bundle.crt

BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

<VirtualHost *:443>
ServerName cen06x64a.xen.wbcd.pl
ServerAlias cen06x64a1.xen.wbcd.pl cen06x64a2.xen.wbcd.pl cen06x64a3.xen.wbcd.pl
ServerAdmin admin@cen07x64.xen.wbcd.pl
ServerPath /srv/http/vhosts/cen07x64.xen.wbcd.pl
DocumentRoot /srv/http/vhosts/cen07x64.xen.wbcd.pl/
ErrorLog /var/log/httpd/cen07x64_xen_wbcd_pl-ssl-error.log
CustomLog /var/log/httpd/cen07x64_xen_wbcd_pl-access.log combinedpe

SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCertificateFile    /etc/pki/tls/certs/cen06x64a.xen.wbcd.pl.pem
SSLCertificateKeyFile /etc/pki/tls/certs/cen06x64a.xen.wbcd.pl.pem
SSLCACertificateFile  /etc/pki/tls/certs/ca-bundle.crt

BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

<VirtualHost *:443>
ServerName cen06x64b.xen.wbcd.pl
ServerAlias cen06x64b1.xen.wbcd.pl cen06x64b2.xen.wbcd.pl cen06x64b3.xen.wbcd.pl
ServerAdmin admin@cen07x64.xen.wbcd.pl
ServerPath /srv/http/vhosts/cen07x64.xen.wbcd.pl
DocumentRoot /srv/http/vhosts/cen07x64.xen.wbcd.pl/
ErrorLog /var/log/httpd/cen07x64_xen_wbcd_pl-ssl-error.log
CustomLog /var/log/httpd/cen07x64_xen_wbcd_pl-access.log combinedpe

SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4:RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile    /etc/pki/tls/certs/cen06x64b.xen.wbcd.pl.pem
SSLCertificateKeyFile /etc/pki/tls/certs/cen06x64b.xen.wbcd.pl.pem
SSLCACertificateFile  /etc/pki/tls/certs/ca-bundle.crt
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

<VirtualHost *:443>
ServerName cen06x64c.xen.wbcd.pl
ServerAlias cen06x64c1.xen.wbcd.pl cen06x64c2.xen.wbcd.pl cen06x64c3.xen.wbcd.pl
ServerAdmin admin@cen07x64.xen.wbcd.pl
ServerPath /srv/http/vhosts/cen07x64.xen.wbcd.pl
DocumentRoot /srv/http/vhosts/cen07x64.xen.wbcd.pl/
ErrorLog /var/log/httpd/cen07x64_xen_wbcd_pl-ssl-error.log
CustomLog /var/log/httpd/cen07x64_xen_wbcd_pl-access.log combinedpe

SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4:RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile    /etc/pki/tls/certs/cen06x64c.xen.wbcd.pl.pem
SSLCertificateKeyFile /etc/pki/tls/certs/cen06x64c.xen.wbcd.pl.pem
SSLCACertificateFile  /etc/pki/tls/certs/ca-bundle.crt

BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

#top SNI check¶

#top Apache/2.2.15 - CentOS 6 - check¶

httprecv --syserrors -w 5 --header="Host: localhost" --SNI=localhost --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.58:443/

httprecv: Resolving 10.41.0.58 ... 10.41.0.58 Success
httprecv: Connecting to 10.41.0.58[10.41.0.58]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'localhost'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2715 [d] (234615640 [s]))
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 0A
httprecv: X.509: Signature Algorithm: RSA-SHA1
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: X.509: Validity: Not Before: 2014/04/04 22:33:09
httprecv: X.509: Validity: Not After : 2024/04/01 22:33:09
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
httprecv: X.509: Extensions: Basic Constraints:  CA:FALSE
httprecv: X.509: Extensions: Key usage:  Digital signature.
httprecv: X.509: Extensions: Key usage:  Key encipherment.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Server.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Client.
https://10.41.0.58:443/ dnsq=0.000, conn=0.010, socktls=0.054, send=0.000, wait=0.063, recv=0.000, summ=0.136, size=30, speed=258570, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64a.xen.wbcd.pl" --SNI=cen06x64a.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.58:443/

httprecv: Resolving 10.41.0.58 ... 10.41.0.58 Success
httprecv: Connecting to 10.41.0.58[10.41.0.58]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64a.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2715 [d] (234615862 [s]))
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 0A
httprecv: X.509: Signature Algorithm: RSA-SHA1
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: X.509: Validity: Not Before: 2014/04/04 22:33:09
httprecv: X.509: Validity: Not After : 2024/04/01 22:33:09
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
httprecv: X.509: Extensions: Basic Constraints:  CA:FALSE
httprecv: X.509: Extensions: Key usage:  Digital signature.
httprecv: X.509: Extensions: Key usage:  Key encipherment.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Server.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Client.
https://10.41.0.58:443/ dnsq=0.000, conn=0.017, socktls=0.074, send=0.000, wait=0.063, recv=0.000, summ=0.163, size=30, speed=252409, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64a1.xen.wbcd.pl" --SNI=cen06x64a1.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.58:443/

httprecv: Resolving 10.41.0.58 ... 10.41.0.58 Success
httprecv: Connecting to 10.41.0.58[10.41.0.58]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64a1.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2715 [d] (234615843 [s]))
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 0A
httprecv: X.509: Signature Algorithm: RSA-SHA1
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: X.509: Validity: Not Before: 2014/04/04 22:33:09
httprecv: X.509: Validity: Not After : 2024/04/01 22:33:09
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
httprecv: X.509: Extensions: Basic Constraints:  CA:FALSE
httprecv: X.509: Extensions: Key usage:  Digital signature.
httprecv: X.509: Extensions: Key usage:  Key encipherment.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Server.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Client.
https://10.41.0.58:443/ dnsq=0.000, conn=0.009, socktls=0.056, send=0.000, wait=0.063, recv=0.000, summ=0.138, size=30, speed=225473, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64a2.xen.wbcd.pl" --SNI=cen06x64a2.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.58:443/

httprecv: Resolving 10.41.0.58 ... 10.41.0.58 Success
httprecv: Connecting to 10.41.0.58[10.41.0.58]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64a2.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2715 [d] (234615836 [s]))
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 0A
httprecv: X.509: Signature Algorithm: RSA-SHA1
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: X.509: Validity: Not Before: 2014/04/04 22:33:09
httprecv: X.509: Validity: Not After : 2024/04/01 22:33:09
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
httprecv: X.509: Extensions: Basic Constraints:  CA:FALSE
httprecv: X.509: Extensions: Key usage:  Digital signature.
httprecv: X.509: Extensions: Key usage:  Key encipherment.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Server.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Client.
https://10.41.0.58:443/ dnsq=0.000, conn=0.010, socktls=0.057, send=0.000, wait=0.069, recv=0.000, summ=0.145, size=30, speed=277447, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64a3.xen.wbcd.pl" --SNI=cen06x64a3.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.58:443/

httprecv: Resolving 10.41.0.58 ... 10.41.0.58 Success
httprecv: Connecting to 10.41.0.58[10.41.0.58]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64a3.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2715 [d] (234615829 [s]))
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 0A
httprecv: X.509: Signature Algorithm: RSA-SHA1
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: X.509: Validity: Not Before: 2014/04/04 22:33:09
httprecv: X.509: Validity: Not After : 2024/04/01 22:33:09
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
httprecv: X.509: Extensions: Basic Constraints:  CA:FALSE
httprecv: X.509: Extensions: Key usage:  Digital signature.
httprecv: X.509: Extensions: Key usage:  Key encipherment.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Server.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Client.
https://10.41.0.58:443/ dnsq=0.000, conn=0.009, socktls=0.060, send=0.000, wait=0.059, recv=0.000, summ=0.137, size=30, speed=285952, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64b.xen.wbcd.pl" --SNI=cen06x64b.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.58:443/

httprecv: Resolving 10.41.0.58 ... 10.41.0.58 Success
httprecv: Connecting to 10.41.0.58[10.41.0.58]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64b.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2715 [d] (234615822 [s]))
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 0A
httprecv: X.509: Signature Algorithm: RSA-SHA1
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: X.509: Validity: Not Before: 2014/04/04 22:33:09
httprecv: X.509: Validity: Not After : 2024/04/01 22:33:09
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
httprecv: X.509: Extensions: Basic Constraints:  CA:FALSE
httprecv: X.509: Extensions: Key usage:  Digital signature.
httprecv: X.509: Extensions: Key usage:  Key encipherment.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Server.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Client.
https://10.41.0.58:443/ dnsq=0.000, conn=0.008, socktls=0.058, send=0.000, wait=0.057, recv=0.000, summ=0.133, size=30, speed=283085, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64b1.xen.wbcd.pl" --SNI=cen06x64b1.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.58:443/

httprecv: Resolving 10.41.0.58 ... 10.41.0.58 Success
httprecv: Connecting to 10.41.0.58[10.41.0.58]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64b1.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2715 [d] (234615816 [s]))
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 0A
httprecv: X.509: Signature Algorithm: RSA-SHA1
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: X.509: Validity: Not Before: 2014/04/04 22:33:09
httprecv: X.509: Validity: Not After : 2024/04/01 22:33:09
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
httprecv: X.509: Extensions: Basic Constraints:  CA:FALSE
httprecv: X.509: Extensions: Key usage:  Digital signature.
httprecv: X.509: Extensions: Key usage:  Key encipherment.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Server.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Client.
https://10.41.0.58:443/ dnsq=0.000, conn=0.011, socktls=0.055, send=0.000, wait=0.059, recv=0.000, summ=0.134, size=30, speed=252190, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64b2.xen.wbcd.pl" --SNI=cen06x64b2.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.58:443/

httprecv: Resolving 10.41.0.58 ... 10.41.0.58 Success
httprecv: Connecting to 10.41.0.58[10.41.0.58]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64b2.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2715 [d] (234615810 [s]))
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 0A
httprecv: X.509: Signature Algorithm: RSA-SHA1
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: X.509: Validity: Not Before: 2014/04/04 22:33:09
httprecv: X.509: Validity: Not After : 2024/04/01 22:33:09
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
httprecv: X.509: Extensions: Basic Constraints:  CA:FALSE
httprecv: X.509: Extensions: Key usage:  Digital signature.
httprecv: X.509: Extensions: Key usage:  Key encipherment.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Server.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Client.
https://10.41.0.58:443/ dnsq=0.000, conn=0.008, socktls=0.058, send=0.000, wait=0.059, recv=0.000, summ=0.135, size=30, speed=285865, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64b3.xen.wbcd.pl" --SNI=cen06x64b3.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.58:443/

httprecv: Resolving 10.41.0.58 ... 10.41.0.58 Success
httprecv: Connecting to 10.41.0.58[10.41.0.58]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64b3.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2715 [d] (234615805 [s]))
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 0A
httprecv: X.509: Signature Algorithm: RSA-SHA1
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: X.509: Validity: Not Before: 2014/04/04 22:33:09
httprecv: X.509: Validity: Not After : 2024/04/01 22:33:09
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
httprecv: X.509: Extensions: Basic Constraints:  CA:FALSE
httprecv: X.509: Extensions: Key usage:  Digital signature.
httprecv: X.509: Extensions: Key usage:  Key encipherment.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Server.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Client.
https://10.41.0.58:443/ dnsq=0.000, conn=0.009, socktls=0.056, send=0.000, wait=0.219, recv=0.000, summ=0.293, size=30, speed=291660, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64c.xen.wbcd.pl" --SNI=cen06x64c.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.58:443/

httprecv: Resolving 10.41.0.58 ... 10.41.0.58 Success
httprecv: Connecting to 10.41.0.58[10.41.0.58]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64c.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2715 [d] (234615800 [s]))
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 0A
httprecv: X.509: Signature Algorithm: RSA-SHA1
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: X.509: Validity: Not Before: 2014/04/04 22:33:09
httprecv: X.509: Validity: Not After : 2024/04/01 22:33:09
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
httprecv: X.509: Extensions: Basic Constraints:  CA:FALSE
httprecv: X.509: Extensions: Key usage:  Digital signature.
httprecv: X.509: Extensions: Key usage:  Key encipherment.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Server.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Client.
https://10.41.0.58:443/ dnsq=0.000, conn=0.008, socktls=0.054, send=0.000, wait=0.059, recv=0.000, summ=0.130, size=30, speed=303340, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64c1.xen.wbcd.pl" --SNI=cen06x64c1.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.58:443/

httprecv: Resolving 10.41.0.58 ... 10.41.0.58 Success
httprecv: Connecting to 10.41.0.58[10.41.0.58]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64c1.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2715 [d] (234615793 [s]))
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 0A
httprecv: X.509: Signature Algorithm: RSA-SHA1
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: X.509: Validity: Not Before: 2014/04/04 22:33:09
httprecv: X.509: Validity: Not After : 2024/04/01 22:33:09
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
httprecv: X.509: Extensions: Basic Constraints:  CA:FALSE
httprecv: X.509: Extensions: Key usage:  Digital signature.
httprecv: X.509: Extensions: Key usage:  Key encipherment.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Server.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Client.
https://10.41.0.58:443/ dnsq=0.000, conn=0.009, socktls=0.054, send=0.000, wait=0.059, recv=0.000, summ=0.131, size=30, speed=326477, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64c2.xen.wbcd.pl" --SNI=cen06x64c2.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.58:443/

httprecv: Resolving 10.41.0.58 ... 10.41.0.58 Success
httprecv: Connecting to 10.41.0.58[10.41.0.58]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64c2.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2715 [d] (234615788 [s]))
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 0A
httprecv: X.509: Signature Algorithm: RSA-SHA1
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: X.509: Validity: Not Before: 2014/04/04 22:33:09
httprecv: X.509: Validity: Not After : 2024/04/01 22:33:09
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
httprecv: X.509: Extensions: Basic Constraints:  CA:FALSE
httprecv: X.509: Extensions: Key usage:  Digital signature.
httprecv: X.509: Extensions: Key usage:  Key encipherment.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Server.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Client.
https://10.41.0.58:443/ dnsq=0.000, conn=0.011, socktls=0.059, send=0.000, wait=0.068, recv=0.000, summ=0.147, size=30, speed=294286, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64c3.xen.wbcd.pl" --SNI=cen06x64c3.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.58:443/

httprecv: Resolving 10.41.0.58 ... 10.41.0.58 Success
httprecv: Connecting to 10.41.0.58[10.41.0.58]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64c3.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2715 [d] (234615783 [s]))
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 0A
httprecv: X.509: Signature Algorithm: RSA-SHA1
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
httprecv: X.509: Validity: Not Before: 2014/04/04 22:33:09
httprecv: X.509: Validity: Not After : 2024/04/01 22:33:09
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
httprecv: X.509: Extensions: Basic Constraints:  CA:FALSE
httprecv: X.509: Extensions: Key usage:  Digital signature.
httprecv: X.509: Extensions: Key usage:  Key encipherment.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Server.
httprecv: X.509: Extensions: Key purpose OIDs: TLS WWW Client.
https://10.41.0.58:443/ dnsq=0.000, conn=0.022, socktls=0.232, send=0.000, wait=0.088, recv=0.000, summ=0.351, size=30, speed=192394, result=200:HTTP/1.1 200 OK

#top Apache/2.4.6 - CentOS 7 - check¶

httprecv --syserrors -w 5 --header="Host: localhost" --SNI=localhost --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.57:443/

httprecv: Resolving 10.41.0.57 ... 10.41.0.57 Success
httprecv: Connecting to 10.41.0.57[10.41.0.57]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'localhost'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Org Inc.,OU=Org Unit,CN=cen07x64.xen.wbcd.pl,EMAIL=root@cen07x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Org Inc.,OU=Org Unit,CN=cen07x64.xen.wbcd.pl,EMAIL=root@cen07x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2016/04/10 19:25:46
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2017/04/10 19:25:46
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 167 [d] (14456619 [s]))
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 00:C0:FE:97:CA:EB:E8:3B:13
httprecv: X.509: Signature Algorithm: RSA-SHA256
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Org Inc.,OU=Org Unit,CN=cen07x64.xen.wbcd.pl,EMAIL=root@cen07x64.xen.wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Org Inc.,OU=Org Unit,CN=cen07x64.xen.wbcd.pl,EMAIL=root@cen07x64.xen.wbcd.pl
httprecv: X.509: Validity: Not Before: 2016/04/10 19:25:46
httprecv: X.509: Validity: Not After : 2017/04/10 19:25:46
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
httprecv: X.509: Extensions: Basic Constraints:  CA:TRUE
https://10.41.0.57:443/ dnsq=0.000, conn=0.010, socktls=0.074, send=0.000, wait=0.063, recv=0.002, summ=0.159, size=32, speed=15038, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64a.xen.wbcd.pl" --SNI=cen06x64a.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.57:443/

httprecv: Resolving 10.41.0.57 ... 10.41.0.57 Success
httprecv: Connecting to 10.41.0.57[10.41.0.57]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64a.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2016/10/22 15:19:08
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2017/10/22 15:19:08
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 362 [d] (31289821 [s]))
httprecv: CERT[0]:VERIFY: X509v3 Subject Alternative Name:
httprecv: CERT[0]:VERIFY:      DNS:cen06x64a.xen.wbcd.pl, DNS:cen06x64a1.xen.wbcd.pl, DNS:cen06x64a2.xen.wbcd.pl, DNS:cen06x64a3.xen.wbcd.pl,
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 00:DB:93:CA:57:E4:68:8F:EC
httprecv: X.509: Signature Algorithm: RSA-SHA256
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Validity: Not Before: 2016/10/22 15:19:08
httprecv: X.509: Validity: Not After : 2017/10/22 15:19:08
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a1.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a2.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a3.xen.wbcd.pl
httprecv: X.509: Extensions: Basic Constraints:  CA:TRUE
https://10.41.0.57:443/ dnsq=0.000, conn=0.009, socktls=0.046, send=0.000, wait=0.062, recv=0.003, summ=0.131, size=32, speed=10832, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64a1.xen.wbcd.pl" --SNI=cen06x64a1.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.57:443/

httprecv: Resolving 10.41.0.57 ... 10.41.0.57 Success
httprecv: Connecting to 10.41.0.57[10.41.0.57]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64a1.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2016/10/22 15:19:08
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2017/10/22 15:19:08
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 362 [d] (31289821 [s]))
httprecv: CERT[0]:VERIFY: X509v3 Subject Alternative Name:
httprecv: CERT[0]:VERIFY:      DNS:cen06x64a.xen.wbcd.pl, DNS:cen06x64a1.xen.wbcd.pl, DNS:cen06x64a2.xen.wbcd.pl, DNS:cen06x64a3.xen.wbcd.pl,
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 00:DB:93:CA:57:E4:68:8F:EC
httprecv: X.509: Signature Algorithm: RSA-SHA256
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Validity: Not Before: 2016/10/22 15:19:08
httprecv: X.509: Validity: Not After : 2017/10/22 15:19:08
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a1.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a2.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a3.xen.wbcd.pl
httprecv: X.509: Extensions: Basic Constraints:  CA:TRUE
https://10.41.0.57:443/ dnsq=0.000, conn=0.009, socktls=0.098, send=0.000, wait=0.062, recv=0.000, summ=0.179, size=32, speed=384974, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64a2.xen.wbcd.pl" --SNI=cen06x64a2.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.57:443/

httprecv: Resolving 10.41.0.57 ... 10.41.0.57 Success
httprecv: Connecting to 10.41.0.57[10.41.0.57]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64a2.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2016/10/22 15:19:08
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2017/10/22 15:19:08
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 362 [d] (31289821 [s]))
httprecv: CERT[0]:VERIFY: X509v3 Subject Alternative Name:
httprecv: CERT[0]:VERIFY:      DNS:cen06x64a.xen.wbcd.pl, DNS:cen06x64a1.xen.wbcd.pl, DNS:cen06x64a2.xen.wbcd.pl, DNS:cen06x64a3.xen.wbcd.pl,
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 00:DB:93:CA:57:E4:68:8F:EC
httprecv: X.509: Signature Algorithm: RSA-SHA256
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Validity: Not Before: 2016/10/22 15:19:08
httprecv: X.509: Validity: Not After : 2017/10/22 15:19:08
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a1.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a2.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a3.xen.wbcd.pl
httprecv: X.509: Extensions: Basic Constraints:  CA:TRUE
https://10.41.0.57:443/ dnsq=0.000, conn=0.018, socktls=0.038, send=0.000, wait=0.060, recv=0.000, summ=0.126, size=32, speed=432313, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64a3.xen.wbcd.pl" --SNI=cen06x64a3.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.57:443/

httprecv: Resolving 10.41.0.57 ... 10.41.0.57 Success
httprecv: Connecting to 10.41.0.57[10.41.0.57]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64a3.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2016/10/22 15:19:08
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2017/10/22 15:19:08
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 362 [d] (31289820 [s]))
httprecv: CERT[0]:VERIFY: X509v3 Subject Alternative Name:
httprecv: CERT[0]:VERIFY:      DNS:cen06x64a.xen.wbcd.pl, DNS:cen06x64a1.xen.wbcd.pl, DNS:cen06x64a2.xen.wbcd.pl, DNS:cen06x64a3.xen.wbcd.pl,
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 00:DB:93:CA:57:E4:68:8F:EC
httprecv: X.509: Signature Algorithm: RSA-SHA256
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Validity: Not Before: 2016/10/22 15:19:08
httprecv: X.509: Validity: Not After : 2017/10/22 15:19:08
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a1.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a2.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64a3.xen.wbcd.pl
httprecv: X.509: Extensions: Basic Constraints:  CA:TRUE
https://10.41.0.57:443/ dnsq=0.000, conn=0.008, socktls=0.040, send=0.000, wait=0.068, recv=0.000, summ=0.126, size=32, speed=320088, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64b.xen.wbcd.pl" --SNI=cen06x64b.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.57:443/

httprecv: Resolving 10.41.0.57 ... 10.41.0.57 Success
httprecv: Connecting to 10.41.0.57[10.41.0.57]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64b.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2016/10/22 15:19:11
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2017/10/22 15:19:11
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 362 [d] (31289823 [s]))
httprecv: CERT[0]:VERIFY: X509v3 Subject Alternative Name:
httprecv: CERT[0]:VERIFY:      DNS:cen06x64b.xen.wbcd.pl, DNS:cen06x64b1.xen.wbcd.pl, DNS:cen06x64b2.xen.wbcd.pl, DNS:cen06x64b3.xen.wbcd.pl,
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 00:82:1E:15:3B:CB:FA:45:6E
httprecv: X.509: Signature Algorithm: RSA-SHA256
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Validity: Not Before: 2016/10/22 15:19:11
httprecv: X.509: Validity: Not After : 2017/10/22 15:19:11
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b1.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b2.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b3.xen.wbcd.pl
httprecv: X.509: Extensions: Basic Constraints:  CA:TRUE
https://10.41.0.57:443/ dnsq=0.000, conn=0.013, socktls=0.040, send=0.000, wait=0.060, recv=0.000, summ=0.123, size=32, speed=291512, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64b1.xen.wbcd.pl" --SNI=cen06x64b1.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.57:443/

httprecv: Resolving 10.41.0.57 ... 10.41.0.57 Success
httprecv: Connecting to 10.41.0.57[10.41.0.57]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64b1.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2016/10/22 15:19:11
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2017/10/22 15:19:11
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 362 [d] (31289823 [s]))
httprecv: CERT[0]:VERIFY: X509v3 Subject Alternative Name:
httprecv: CERT[0]:VERIFY:      DNS:cen06x64b.xen.wbcd.pl, DNS:cen06x64b1.xen.wbcd.pl, DNS:cen06x64b2.xen.wbcd.pl, DNS:cen06x64b3.xen.wbcd.pl,
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 00:82:1E:15:3B:CB:FA:45:6E
httprecv: X.509: Signature Algorithm: RSA-SHA256
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Validity: Not Before: 2016/10/22 15:19:11
httprecv: X.509: Validity: Not After : 2017/10/22 15:19:11
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b1.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b2.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b3.xen.wbcd.pl
httprecv: X.509: Extensions: Basic Constraints:  CA:TRUE
https://10.41.0.57:443/ dnsq=0.000, conn=0.009, socktls=0.038, send=0.000, wait=0.064, recv=0.000, summ=0.120, size=32, speed=367933, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64b2.xen.wbcd.pl" --SNI=cen06x64b2.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.57:443/

httprecv: Resolving 10.41.0.57 ... 10.41.0.57 Success
httprecv: Connecting to 10.41.0.57[10.41.0.57]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64b2.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2016/10/22 15:19:11
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2017/10/22 15:19:11
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 362 [d] (31289823 [s]))
httprecv: CERT[0]:VERIFY: X509v3 Subject Alternative Name:
httprecv: CERT[0]:VERIFY:      DNS:cen06x64b.xen.wbcd.pl, DNS:cen06x64b1.xen.wbcd.pl, DNS:cen06x64b2.xen.wbcd.pl, DNS:cen06x64b3.xen.wbcd.pl,
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 00:82:1E:15:3B:CB:FA:45:6E
httprecv: X.509: Signature Algorithm: RSA-SHA256
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Validity: Not Before: 2016/10/22 15:19:11
httprecv: X.509: Validity: Not After : 2017/10/22 15:19:11
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b1.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b2.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b3.xen.wbcd.pl
httprecv: X.509: Extensions: Basic Constraints:  CA:TRUE
https://10.41.0.57:443/ dnsq=0.000, conn=0.009, socktls=0.040, send=0.000, wait=0.065, recv=0.000, summ=0.124, size=32, speed=326370, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64b3.xen.wbcd.pl" --SNI=cen06x64b3.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.57:443/

httprecv: Resolving 10.41.0.57 ... 10.41.0.57 Success
httprecv: Connecting to 10.41.0.57[10.41.0.57]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64b3.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2016/10/22 15:19:11
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2017/10/22 15:19:11
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 362 [d] (31289823 [s]))
httprecv: CERT[0]:VERIFY: X509v3 Subject Alternative Name:
httprecv: CERT[0]:VERIFY:      DNS:cen06x64b.xen.wbcd.pl, DNS:cen06x64b1.xen.wbcd.pl, DNS:cen06x64b2.xen.wbcd.pl, DNS:cen06x64b3.xen.wbcd.pl,
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 00:82:1E:15:3B:CB:FA:45:6E
httprecv: X.509: Signature Algorithm: RSA-SHA256
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Validity: Not Before: 2016/10/22 15:19:11
httprecv: X.509: Validity: Not After : 2017/10/22 15:19:11
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b1.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b2.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64b3.xen.wbcd.pl
httprecv: X.509: Extensions: Basic Constraints:  CA:TRUE
https://10.41.0.57:443/ dnsq=0.000, conn=0.009, socktls=0.040, send=0.000, wait=0.058, recv=0.000, summ=0.117, size=32, speed=281141, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64c.xen.wbcd.pl" --SNI=cen06x64c.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.57:443/

httprecv: Resolving 10.41.0.57 ... 10.41.0.57 Success
httprecv: Connecting to 10.41.0.57[10.41.0.57]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64c.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2016/10/22 15:19:13
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2017/10/22 15:19:13
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 362 [d] (31289825 [s]))
httprecv: CERT[0]:VERIFY: X509v3 Subject Alternative Name:
httprecv: CERT[0]:VERIFY:      DNS:cen06x64c.xen.wbcd.pl, DNS:cen06x64c1.xen.wbcd.pl, DNS:cen06x64c2.xen.wbcd.pl, DNS:cen06x64c3.xen.wbcd.pl,
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 00:E3:2A:B0:D8:C5:B3:8E:FA
httprecv: X.509: Signature Algorithm: RSA-SHA256
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Validity: Not Before: 2016/10/22 15:19:13
httprecv: X.509: Validity: Not After : 2017/10/22 15:19:13
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c1.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c2.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c3.xen.wbcd.pl
httprecv: X.509: Extensions: Basic Constraints:  CA:TRUE
https://10.41.0.57:443/ dnsq=0.000, conn=0.010, socktls=0.039, send=0.000, wait=0.060, recv=0.000, summ=0.118, size=32, speed=337048, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64c1.xen.wbcd.pl" --SNI=cen06x64c1.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.57:443/

httprecv: Resolving 10.41.0.57 ... 10.41.0.57 Success
httprecv: Connecting to 10.41.0.57[10.41.0.57]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64c1.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2016/10/22 15:19:13
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2017/10/22 15:19:13
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 362 [d] (31289825 [s]))
httprecv: CERT[0]:VERIFY: X509v3 Subject Alternative Name:
httprecv: CERT[0]:VERIFY:      DNS:cen06x64c.xen.wbcd.pl, DNS:cen06x64c1.xen.wbcd.pl, DNS:cen06x64c2.xen.wbcd.pl, DNS:cen06x64c3.xen.wbcd.pl,
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 00:E3:2A:B0:D8:C5:B3:8E:FA
httprecv: X.509: Signature Algorithm: RSA-SHA256
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Validity: Not Before: 2016/10/22 15:19:13
httprecv: X.509: Validity: Not After : 2017/10/22 15:19:13
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c1.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c2.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c3.xen.wbcd.pl
httprecv: X.509: Extensions: Basic Constraints:  CA:TRUE
https://10.41.0.57:443/ dnsq=0.000, conn=0.024, socktls=0.038, send=0.000, wait=0.061, recv=0.000, summ=0.132, size=32, speed=345079, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64c2.xen.wbcd.pl" --SNI=cen06x64c2.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.57:443/

httprecv: Resolving 10.41.0.57 ... 10.41.0.57 Success
httprecv: Connecting to 10.41.0.57[10.41.0.57]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64c2.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2016/10/22 15:19:13
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2017/10/22 15:19:13
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 362 [d] (31289824 [s]))
httprecv: CERT[0]:VERIFY: X509v3 Subject Alternative Name:
httprecv: CERT[0]:VERIFY:      DNS:cen06x64c.xen.wbcd.pl, DNS:cen06x64c1.xen.wbcd.pl, DNS:cen06x64c2.xen.wbcd.pl, DNS:cen06x64c3.xen.wbcd.pl,
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 00:E3:2A:B0:D8:C5:B3:8E:FA
httprecv: X.509: Signature Algorithm: RSA-SHA256
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Validity: Not Before: 2016/10/22 15:19:13
httprecv: X.509: Validity: Not After : 2017/10/22 15:19:13
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c1.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c2.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c3.xen.wbcd.pl
httprecv: X.509: Extensions: Basic Constraints:  CA:TRUE
https://10.41.0.57:443/ dnsq=0.000, conn=0.008, socktls=0.042, send=0.000, wait=0.062, recv=0.000, summ=0.122, size=32, speed=244251, result=200:HTTP/1.1 200 OK

httprecv --syserrors -w 5 --header="Host: cen06x64c3.xen.wbcd.pl" --SNI=cen06x64c3.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo --body-hide https://10.41.0.57:443/

httprecv: Resolving 10.41.0.57 ... 10.41.0.57 Success
httprecv: Connecting to 10.41.0.57[10.41.0.57]:443 Success
httprecv: CERT:VERIFY: Peer's certificate issuer is unknown
httprecv: CERT:VERIFY: Peer's certificate is NOT trusted
httprecv: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64c3.xen.wbcd.pl'
httprecv: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2016/10/22 15:19:13
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2017/10/22 15:19:13
httprecv: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 362 [d] (31289824 [s]))
httprecv: CERT[0]:VERIFY: X509v3 Subject Alternative Name:
httprecv: CERT[0]:VERIFY:      DNS:cen06x64c.xen.wbcd.pl, DNS:cen06x64c1.xen.wbcd.pl, DNS:cen06x64c2.xen.wbcd.pl, DNS:cen06x64c3.xen.wbcd.pl,
httprecv: X.509: Version: 3
httprecv: X.509: Serial Number (hex): 00:E3:2A:B0:D8:C5:B3:8E:FA
httprecv: X.509: Signature Algorithm: RSA-SHA256
httprecv: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
httprecv: X.509: Validity: Not Before: 2016/10/22 15:19:13
httprecv: X.509: Validity: Not After : 2017/10/22 15:19:13
httprecv: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c1.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c2.xen.wbcd.pl
httprecv: X.509: Extensions: Subject Alternative Name: DNS:cen06x64c3.xen.wbcd.pl
httprecv: X.509: Extensions: Basic Constraints:  CA:TRUE
https://10.41.0.57:443/ dnsq=0.000, conn=0.011, socktls=0.041, send=0.000, wait=0.059, recv=0.000, summ=0.122, size=32, speed=249900, result=200:HTTP/1.1 200 OK

#top Protocol Secure¶

#top Remove Service Version Information¶

#
# Don't give away too much information about all the subcomponents
# we are running.  Comment out this line if you don't mind remote sites
# finding out what major optional modules you are running
ServerTokens Prod
[...]
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature Off
[...]
Header unset X-Powered-By
Header unset X-Via

#top Add HTTP Response Headers Security¶

Zobacz także Add HTTP Response Headers Security dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID
Zobacz także Add HTTP Response Headers Security dla: ProFTPd | Pure-FTPd | vsftpd | Postfix | Dovecot | OpenLDAP
Zobacz także Add HTTP Response Headers Security dla: pgpool | PostgreSQL | MySQL | Firebird

(Zobacz sekcję HTTP Header Add)

Strict-Transport-Security: RFC6797, mozilla.org (mozilla.org),
X-XSS-Protection: RFC-draft, mozilla.org, microsoft.com,
X-Frame-Options: RFC7034, mozilla.org, microsoft.com, microsoft.com,
X-Content-Type-Options: mozilla.org,
Content-Security-Policy: RFC7762, mozilla.org, mozilla.org,

EXAMPLES

<VirtualHost *:443>
ServerName cen06x64.xen.wbcd.pl
ServerAlias cen06x64.xen.wbcd.pl
ServerAdmin admin@cen06x64.xen.wbcd.pl
ServerPath /srv/http/vhosts/cen06x64.xen.wbcd.pl
DocumentRoot /srv/http/vhosts/cen06x64.xen.wbcd.pl/
ErrorLog /var/log/httpd/cen06x64_xen_wbcd_pl-ssl-error.log
CustomLog /var/log/httpd/cen06x64_xen_wbcd_pl-access.log combinedpe

Header add Strict-Transport-Security: "max-age=15552000; includeSubDomains"
Header add X-XSS-Protection: "1; mode=block"
Header add X-Frame-Options: "SAMEORIGIN"
Header add X-Content-Type-Options: "nosniff"
Header add Content-Security-Policy: "default-src 'self' cen06x64.xen.wbcd.pl"

SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4:RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile    /etc/pki/tls/certs/cen06x64.xen.wbcd.pl.pem
SSLCertificateKeyFile /etc/pki/tls/certs/cen06x64.xen.wbcd.pl.pem
SSLCACertificateFile  /etc/pki/tls/certs/ca-bundle.crt

BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

#top TLS Secure¶

#top Disable SSLv2/SSLv3 Protocols¶

#top Disable weak Cipher Suites¶

#top Disable RC4 CipherSuite¶

#top Disable Anonymous CipherSuite¶

#top Disable SSL Compression¶

The openssl packages in Red Hat Enterprise Linux 5 (starting with RHBA-2009:0181 update released in Red Hat Enterprise Linux 5.3) and 6, and also in Fedora, contain a patch that makes the library check if OPENSSL_NO_DEFAULT_ZLIB environment variable is set (can have arbitrary value, even empty string) and disable the default zlib support.

Setting the OPENSSL_NO_DEFAULT_ZLIB environment variable before starting a client or a server application using OpenSSL can be used to disable zlib compression support and hence mitigate this flaw. For example, httpd with mod_ssl has compression enabled by default in Red Hat Enterprise Linux 5 and 6, and hence it is used when client also supports it. Adding the following line to the /etc/sysconfig/httpd file:

export OPENSSL_NO_DEFAULT_ZLIB=1

and restarting the httpd service disables the use of SSL/TLS compression in mod_ssl and the compression will not be negotiated even when connecting client supports it. Note that this environment variable only affects the use of SSL/TLS protocol compression and does not affect the use of HTTP protocol compression implemented by the mod_deflate module.

CVE-2012-4929 SSL/TLS CRIME attack against HTTPS

The MITRE CVE dictionary describes this issue as:

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

Find out more about CVE-2012-4929 from the MITRE CVE dictionary and NIST NVD.

Vulnerability Summary for CVE-2009-1891

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

#top Set custom DH parameters¶

DH parameter interoperability with primes > 1024 bit

Beginning with version 2.2.30, mod_ssl makes use of standardized DH parameters with prime lengths of 2048, 3072, 4096, 6144 and 8192 bits (from RFC 3526), and hands them out to clients based on the length of the certificate's RSA/DSA key. With Java-based clients in particular (Java 7 or earlier), this may lead to handshake failures - see this FAQ answer for working around such issues.

To generate custom DH parameters, use the openssl dhparam 1024 command. Alternatively, you can use the following standard 1024-bit DH parameters from RFC 2409, section 6.2:

-----BEGIN DH PARAMETERS-----
MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
-----END DH PARAMETERS-----

Add the custom parameters including the "BEGIN DH PARAMETERS" and "END DH PARAMETERS" lines to the end of the first certificate file you have configured using the SSLCertificateFile directive.

#top Avoid certificates with Signature Algorithm: SHA1¶

After Jan. 1, 2016, Firefox will present an "Untrusted Connection" error when a newly issued SHA-1 certificate is encountered, and after Jan. 1, 2017, Firefox will present an "Untrusted Connection" error whenever a SHA-1 certificate is encountered at all, according to a Tuesday post.

SHA-1 has been around for nearly two decades, and in recent years researchers have demonstrated SHA-1 mathematical weaknesses that could be exploited given enough time and computing power, Richard Barnes, engineering manager, cryptography and PKI, with Mozilla, told SCMagazine.com in a Wednesday email correspondence.

Mozilla Security Blog

Many of the certificates used by secure websites today are signed using algorithms based on a hash algorithm called SHA-1. The integrity of the hash algorithm used in signing a certificate is a critical element in the security of the certificate. Weaknesses in hash algorithms can lead to situations in which attackers can obtain fraudulent certificates. Mozilla, along with other browser vendors, is working on a plan to phase out support for the SHA-1 hash algorithm.

SHA-1 is nearly twenty years old, and is beginning to show its age. In the last few years, collision attacks undermining some properties of SHA-1 have been getting close to being practical. Collision attacks against the older MD5 hash algorithm have been used to obtain fraudulent certificates, so the improving feasibility of collision attacks against SHA-1 is concerning. In order to avoid the need for a rapid transition should a critical attack against SHA-1 be discovered, we are proactively phasing out SHA-1.

Zmodyfikowany ostatnio: 2018/04/11 23:28:36 (6 lat temu), textsize: 106 kB, htmlsize: 141 kB

Zapraszam do komentowania, zgłaszania sugestii, propozycji, własnych przykładów, ...

Dodaj komentarzKomentarze użytkowników