SSL Certificate - Error on Postman

1. The problem I’m having:

I have a valid certificate file, and I use it on an Apache server with these three lines:

	SSLCertificateFile /opt/certs/go2.audtaxcard.com.br.crt
	SSLCertificateKeyFile /opt/certs/audtaxcard.key
	SSLCertificateChainFile /opt/certs/go2.audtaxcard.com.br.ca-bundle

It works perfectly. I access my test page in a browser, curl or Postman without any problem. Now, for test purposes, I’m trying to use Caddy instead of Apache. So I stopped the Apache server and started Caddy with the line:

tls /opt/certs/go2.audtaxcard.com.br.crt /opt/certs/audtaxcard.key

Now, when I try my page in the browser, it works perfectly too. No error or warning is shown. But when I try to call it with Postman, the page is shown too, but it shows me an error icon with the message “Unable to verify the first certificate”. Why does it happen? With Apache this error message doesn’t occur. Am I forgetting something in my Caddyfile?
I see that Apache uses a third file called go2.audtaxcard.com.br.ca-bundle. Should I use it in the Caddyfile too? If yes, how do I do it?

2. Error messages and/or full log output:

Unable to verify first certificate

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

Using the binary

a. System environment:

Debian Linux 11

b. Command:

sudo caddy run --config Caddyfile

d. My complete Caddy config:

go2.audtaxcard.com.br:443 {

    root * /home/paulo/projeto_php
    php_fastcgi 127.0.0.1:9000
    encode gzip
    file_server 

    try_files {path} index.html index.htm index.php

    tls /opt/certs/go2.audtaxcard.com.br.crt /opt/certs/audtaxcard.key
    
}

Hello @Paulo_Luvisoto,

I suspect the domain name being expired is the issue.

ICANN is showing the domain name as expired

Also for the Domain Status: Inactive
You can read what ICANN’s Inactive implies https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en#inactive

Sorry, actually the domain “meudominio” doesn’t exist. I changed the name because I didn’t want to post my real domain here.
But since you offered to help me, I will post my real domain. Please forgive me for not explaining this before.

My real domain with a test page is:

https://go2.audtaxcard.com.br/index.html

You can access the page above in browser or curl, and you will see it works perfectly.
This page will show the message “Test Page 0001”. Note that SSL works ok.
Please don’t call the URL without the “index.html” or a redirect will happen.
So, please test with “index.html” page.

My problem: my page works OK in the browser or using the curl tool. But if I call it in the Postman tool, the page is shown too, but Postman shows an icon with the message “Unable to verify the first certificate”.
Why does this message appear?

Thank you very much, and again, sorry about the fake domain mistake.

1 Like

I edited my post putting the real domain at my Caddyfile

1 Like

Hi @Paulo_Luvisoto,

Here is the presently being served certificate, crt.sh | 11409875527, and the chain SSL Checker
Hardenize Report: go2.audtaxcard.com.br
SSL Server Test: go2.audtaxcard.com.br (Powered by Qualys SSL Labs)
reporting this: "Chain Issues: The chain doesn’t contain any intermediate certificates".

That can cause issues for applications that “need” the intermediate certificates.

Here reports " Not trusted The certificate was issued by Sectigo RSA Domain Validation Secure Server CA, which is not a trusted authority." “This is most likely because the servers’ certificate chain is not installed correctly.”
https://www.wormly.com/test_ssl/h/go2.audtaxcard.com.br/i/74.50.98.73/p/443

That would be an issue for any application that does not trust " The certificate was issued by Sectigo RSA Domain Validation Secure Server CA , which is not a trusted authority."

Hi

I think what’s missing is the file go2.audtaxcard.com.br.ca-bundle; that’s the third file that I use in Apache.
When I use the three files in Apache, the error message doesn’t happen.
But in Caddy, I didn’t find where to use the third file…

@Paulo_Luvisoto often one needs a fullchain.pem which is a concatenation of the issued certificate followed by each intermediate certificate in the chain up to but not including the trusted anchor certificate.

Thus the issued certificate for go2.audtaxcard.com.br followed by the intermediate certificate for “Sectigo RSA Domain Validation Secure Server CA” and that would be it; only those 2 certificates in fullchain.pem file for this specific case.

1 Like

Hi @Paulo_Luvisoto,

This may help also Comodo Knowledge Base

Edit: this is what I come up with for a fullchain.pem.

1 Like

I have two files containing blocks “BEGIN CERTIFICATE” and “END CERTIFICATE”. The files are: go2.audtaxcard.com.br.crt and go2.audtaxcard.com.br.ca-bundle.
The file go2.audtaxcard.com.br.crt contains one block, and the go2.audtaxcard.com.br.ca-bundle contains three blocks.
Must I merge these files into a new file called fullchain.pem?

Ok, I will try it

1 Like

The solution!!!

cat go2.audtaxcard.com.br.ca-bundle >> go2.audtaxcard.com.br.crt

1 Like
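
Added example, not part of the thread and not Caddy project code: the fix above appends the bundle to the certificate file in place, which fuses two PEM markers onto one line if the certificate file lacks a final newline and duplicates the chain if run twice. The script below writes leaf plus intermediates to a new file and guards both cases; the file names and certificate bodies are constructed placeholders.

```shell
#!/bin/sh
# Added example. File names and PEM bodies are constructed placeholders.

# Print FILE without CRs or blank lines, always ending with a newline.
normalise() { tr -d '\r' < "$1" | awk 'NF'; }

# Print how many whole-line BEGIN CERTIFICATE markers FILE contains.
count_certs() {
    normalise "$1" | grep -c -x -- '-----BEGIN CERTIFICATE-----' || true
}

# build_fullchain LEAF BUNDLE OUT
# Writes LEAF followed by BUNDLE to a new file OUT; inputs stay untouched.
build_fullchain() {
    leaf=$1; bundle=$2; out=$3
    # Exactly one block in LEAF: rejects a file the bundle was already
    # appended to, so running this twice cannot duplicate the chain.
    if [ "$(count_certs "$leaf")" -ne 1 ]; then
        echo "error: $leaf must hold exactly one certificate" >&2; return 1
    fi
    if [ "$(count_certs "$bundle")" -lt 1 ]; then
        echo "error: $bundle holds no certificates" >&2; return 1
    fi
    tmp=$(mktemp "$out.XXXXXX") || return 1
    { normalise "$leaf"; normalise "$bundle"; } > "$tmp"
    begins=$(count_certs "$tmp")
    ends=$(grep -c -x -- '-----END CERTIFICATE-----' "$tmp" || true)
    if [ "$begins" -ne "$ends" ]; then
        rm -f "$tmp"; echo "error: unbalanced PEM markers" >&2; return 1
    fi
    mv "$tmp" "$out"
}

# Compare a naive in-place append with build_fullchain on constructed input.
demo() {
    dir=$(mktemp -d) || return 1
    b='-----BEGIN CERTIFICATE-----'; e='-----END CERTIFICATE-----'
    # Leaf written WITHOUT a final newline, as some editors and portals do.
    printf '%s\n%s\n%s' "$b" 'UExBQ0VIT0xERVItTEVBRg==' "$e" > "$dir/site.crt"
    printf '%s\n' "$b" 'UExBQ0VIT0xERVItSU5UMQ==' "$e" \
                  "$b" 'UExBQ0VIT0xERVItSU5UMg==' "$e" > "$dir/site.ca-bundle"
    cp "$dir/site.crt" "$dir/naive.crt"
    cat "$dir/site.ca-bundle" >> "$dir/naive.crt"   # END and BEGIN fuse here
    naive=$(count_certs "$dir/naive.crt")
    build_fullchain "$dir/site.crt" "$dir/site.ca-bundle" "$dir/fullchain.pem" \
        || { rm -rf "$dir"; return 1; }
    safe=$(count_certs "$dir/fullchain.pem")
    rm -rf "$dir"
    echo "naive=$naive safe=$safe"
}

demo
```

The resulting file takes the place of the certificate path in the `tls` line of the Caddyfile, with the key path unchanged.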

Thank you very much for your help, especially on a Sunday

1 Like

Excellent @Paulo_Luvisoto glad you found a solution! :tada:

1 Like

FYI - and this is what I presently see being served.

$ openssl s_client -showcerts -servername go2.audtaxcard.com.br -connect go2.audtaxcard.com.br:443 < /dev/null
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN = go2.audtaxcard.com.br
verify return:1
---
Certificate chain
 0 s:CN = go2.audtaxcard.com.br
   i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 18 00:00:00 2023 GMT; NotAfter: Jan  3 23:59:59 2025 GMT
 1 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
   i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
   v:NotBefore: Nov  2 00:00:00 2018 GMT; NotAfter: Dec 31 23:59:59 2030 GMT
 2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
   v:NotBefore: Mar 12 00:00:00 2019 GMT; NotAfter: Dec 31 23:59:59 2028 GMT
 3 s:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1
   v:NotBefore: Jan  1 00:00:00 2004 GMT; NotAfter: Dec 31 23:59:59 2028 GMT
---
Server certificate
subject=CN = go2.audtaxcard.com.br
issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 6342 bytes and written 403 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE

And SSL Server Test: go2.audtaxcard.com.br (Powered by Qualys SSL Labs) shows this:
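
Added example, not part of the thread: a small check that reads `openssl s_client -showcerts` output and reports how many certificates the server sends, how many of them are intermediates, whether each issuer matches the next subject, and whether a self-signed anchor is being sent. The first sample reuses the chain lines from the output above; the leaf-only sample is constructed to match the "no intermediate certificates" state the scanners reported before the fix.

```shell
#!/bin/sh
# Added example. Summarise the "Certificate chain" section of
# `openssl s_client -showcerts` output read from stdin.
chain_report() {
    awk '
    /^Certificate chain/  { in_chain = 1; next }
    /^Server certificate/ { in_chain = 0 }
    in_chain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n++] = $0; next }
    in_chain && /^ *i:/ && n > 0 { sub(/^ *i:/, ""); iss[n - 1] = $0 }
    END {
        linked = "yes"; root = "no"; inter = 0
        for (k = 0; k < n; k++) {
            self = (iss[k] == subj[k])
            if (self) root = "yes"          # self-signed anchor sent on the wire
            if (k > 0 && !self) inter++     # intermediates after the leaf
            if (k + 1 < n && iss[k] != subj[k + 1]) linked = "no"
        }
        printf "certs=%d intermediates=%d linked=%s root_sent=%s\n", n + 0, inter, linked, root
    }'
}

# Chain lines copied from the s_client output on this page (PEM bodies omitted).
sample_after_fix() {
cat <<'EOF'
Certificate chain
 0 s:CN = go2.audtaxcard.com.br
   i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
 1 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
   i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
 2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
 3 s:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
---
Server certificate
EOF
}

# Constructed: the same output reduced to what a leaf-only certificate file serves.
sample_leaf_only() {
cat <<'EOF'
Certificate chain
 0 s:CN = go2.audtaxcard.com.br
   i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
---
Server certificate
EOF
}

sample_after_fix | chain_report
sample_leaf_only | chain_report
```

Against a live server, pipe the command shown in the post into it: `openssl s_client -showcerts -servername HOST -connect HOST:443 < /dev/null 2>/dev/null | chain_report`.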