Just noticed Firefox complaining about a bad cert on LinkedIn:
# openssl s_client -showcerts -connect www.linkedin.com:443
CONNECTED(00000003) depth=0 /C=US/ST=California/L=Mountain View/O=LinkedIn Corporation/CN=www.linkedin.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=LinkedIn Corporation/CN=www.linkedin.com verify error:num=27:certificate not trusted verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=LinkedIn Corporation/CN=www.linkedin.com verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=LinkedIn Corporation/CN=www.linkedin.com i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA -----BEGIN CERTIFICATE----- MIIFKDCCBBCgAwIBAgIQDNq1J0qHKyBzE3L2tPlfFTANBgkqhkiG9w0BAQsFADBN MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTMxMjIwMDAwMDAwWhcN MTYxMjMwMTIwMDAwWjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p YTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEdMBsGA1UEChMUTGlua2VkSW4gQ29y cG9yYXRpb24xGTAXBgNVBAMTEHd3dy5saW5rZWRpbi5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDonjtjfyzzJpMwPemr/7SILcI3tYASHCZFCYAj cKilx5uzUQ3SbVy9c756arI7XHiMYYko01hr/+qSSJ/In1bu1hG1zx5BppF++OHS ZT6dmtlmBXx1zOSp7rBkejXPXDBoQU6sRPhrh/6hiy3tmt/nvdLRJSFZzHhHUfAQ hjdF9HBnpZt9ybPfg/Mgh91GM3MQBYqQr+NRvS5o64Vc0Hl+bCfTdwHKU8b61U0T wvIlogZtr3XtiojKkiHspifDjVAqBN80CAUAe2FCIsjXDNl5gO+xpjKAWwGVs1fi /JzcOZzoHrKhPNj7geF+I5dhQ2rK3g4RWgEGMjFCVxsXxdhFAgMBAAGjggHbMIIB 1zAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUSdvg SgTuENyanFYdq/abApsMrJIwKQYDVR0RBCIwIIIQd3d3LmxpbmtlZGluLmNvbYIM bGlua2VkaW4uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD AQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNl cnQuY29tL3NzY2Etc2hhMi1nMy5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2lj ZXJ0LmNvbS9zc2NhLXNoYTItZzMuY3JsMEIGA1UdIAQ7MDkwNwYJYIZIAYb9bAEB MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwfAYI KwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j b20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdp Q2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG 9w0BAQsFAAOCAQEAwaqukz1VifDjF2iVr6QzT4XX6hS0A6ZZO9u9SJH3/EDGsV5j 0H3Z7X62zHoXd4g4J8QUvfZ1etXFg685JFDyq1XHdpMl5uLc37H+3SXFEqsWSVUN 16HZQ49IiyHXDssxf9rKBpXRrSxAclfIrP9reC6BMAMxnF0cNrSuWgUIHCLxi3kQ sUfjeJaRUWV1JdOVEJxTcrfM0HxycjoC5J+MQ5rlrWx+GPgeMGyQIGM4v2xGEXXp XQEunwG92tLfMY0Dd4SUD0XIRlidQbREWz73NxqLyFap9lghcGdZMiVQSaGp7c8Y vqQpESlJ2IQLnTMfbxN30WZnh4F2AGjltIT0cQ== -----END CERTIFICATE----- --- Server certificate subject=/C=US/ST=California/L=Mountain View/O=LinkedIn Corporation/CN=www.linkedin.com issuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA --- No client certificate CA names sent --- SSL handshake has read 1493 bytes and written 456 bytes --- New, TLSv1/SSLv3, Cipher is AES128-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : AES128-SHA Session-ID: 3158782D9374A7757632BCB6ED7980C3E7B36ABFD31B7448919C91B60151CC0A Session-ID-ctx: Master-Key: E3D2C374D16040B51BE6490F4DAFABC329DA94914165B6515F02F8E65DCE9683E62BFAC274942DFA0BABA5E2B3E32A3E Key-Arg : None Start Time: 1428692560 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate)
Just noticed Firefox complaining about a bad cert on LinkedIn:
# openssl s_client -showcerts -connect www.linkedin.com:443
CONNECTED(00000003) depth=0 /C=US/ST=California/L=Mountain View/O=LinkedIn Corporation/CN=www.linkedin.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=LinkedIn Corporation/CN=www.linkedin.com verify error:num=27:certificate not trusted verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=LinkedIn Corporation/CN=www.linkedin.com verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=LinkedIn Corporation/CN=www.linkedin.com i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA -----BEGIN CERTIFICATE----- MIIFKDCCBBCgAwIBAgIQDNq1J0qHKyBzE3L2tPlfFTANBgkqhkiG9w0BAQsFADBN MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTMxMjIwMDAwMDAwWhcN MTYxMjMwMTIwMDAwWjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p YTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEdMBsGA1UEChMUTGlua2VkSW4gQ29y cG9yYXRpb24xGTAXBgNVBAMTEHd3dy5saW5rZWRpbi5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDonjtjfyzzJpMwPemr/7SILcI3tYASHCZFCYAj cKilx5uzUQ3SbVy9c756arI7XHiMYYko01hr/+qSSJ/In1bu1hG1zx5BppF++OHS ZT6dmtlmBXx1zOSp7rBkejXPXDBoQU6sRPhrh/6hiy3tmt/nvdLRJSFZzHhHUfAQ hjdF9HBnpZt9ybPfg/Mgh91GM3MQBYqQr+NRvS5o64Vc0Hl+bCfTdwHKU8b61U0T wvIlogZtr3XtiojKkiHspifDjVAqBN80CAUAe2FCIsjXDNl5gO+xpjKAWwGVs1fi /JzcOZzoHrKhPNj7geF+I5dhQ2rK3g4RWgEGMjFCVxsXxdhFAgMBAAGjggHbMIIB 1zAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUSdvg SgTuENyanFYdq/abApsMrJIwKQYDVR0RBCIwIIIQd3d3LmxpbmtlZGluLmNvbYIM bGlua2VkaW4uY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD AQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNl cnQuY29tL3NzY2Etc2hhMi1nMy5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2lj ZXJ0LmNvbS9zc2NhLXNoYTItZzMuY3JsMEIGA1UdIAQ7MDkwNwYJYIZIAYb9bAEB MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwfAYI KwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j b20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdp Q2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG 9w0BAQsFAAOCAQEAwaqukz1VifDjF2iVr6QzT4XX6hS0A6ZZO9u9SJH3/EDGsV5j 0H3Z7X62zHoXd4g4J8QUvfZ1etXFg685JFDyq1XHdpMl5uLc37H+3SXFEqsWSVUN 16HZQ49IiyHXDssxf9rKBpXRrSxAclfIrP9reC6BMAMxnF0cNrSuWgUIHCLxi3kQ sUfjeJaRUWV1JdOVEJxTcrfM0HxycjoC5J+MQ5rlrWx+GPgeMGyQIGM4v2xGEXXp XQEunwG92tLfMY0Dd4SUD0XIRlidQbREWz73NxqLyFap9lghcGdZMiVQSaGp7c8Y vqQpESlJ2IQLnTMfbxN30WZnh4F2AGjltIT0cQ== -----END CERTIFICATE----- --- Server certificate subject=/C=US/ST=California/L=Mountain View/O=LinkedIn Corporation/CN=www.linkedin.com issuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA --- No client certificate CA names sent --- SSL handshake has read 1493 bytes and written 456 bytes --- New, TLSv1/SSLv3, Cipher is AES128-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : AES128-SHA Session-ID: 3158782D9374A7757632BCB6ED7980C3E7B36ABFD31B7448919C91B60151CC0A Session-ID-ctx: Master-Key: E3D2C374D16040B51BE6490F4DAFABC329DA94914165B6515F02F8E65DCE9683E62BFAC274942DFA0BABA5E2B3E32A3E Key-Arg : None Start Time: 1428692560 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate)