Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Following instruction on this page you can test if your client can trust certificate presented by our servers.

On the host that runs your service run the next command:

curl -o /dev/null -s -vvv https://my.patientsknowbest.com

Expected success output

*   Trying 35.246.122.93:443...
* Connected to my.patientsknowbest.com (35.246.122.93:443) port 443 (#0)
...
* Connection #0 to host my.patientsknowbest.com left intact

Connection #0 to host my.patientsknowbest.com left intact indicates that the OS trusts the root CA we used to issue our server certificate.

TIP: Version of your integration engine running on the given host might not trust the root CA we picked.

NEXT: Consult documentation of your integration enginge to see what root CAs it supports.

TIP: Version of the runtime environment of your integration engine might not support the root CA. E.g.: older java versions don’t trust Let’s Encrypt root certs.

NEXT: Explore ways to update your client software and/or its runtime environment.

Expected failure output

*   Trying 2606:4700:10::6816:1cac:443...
* Connected to my.patientsknowbest.com (35.246.122.93:443) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS header, Unknown (21):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

curl: (60) SSL certificate problem: unable to get local issuer certificate indicates that client and server does not share any CA they both trust.

TIP: Version of your integration engine running on the given host might not trust the root CA we picked.

NEXT: Consult documentation of your integration enginge to see what root CAs it supports.

TIP: client software might be outdated or missing security updates (can be OS and/or integration engine version).

NEXT: Explore ways to update your client software and/or its runtime environment.

  • No labels