On Mon, Mar 25, 2019 at 4:54 PM Hermann-Josef Beckers <Hermann-Josef.Beckers@kreis-steinfurt.de> wrote:
wget --no-check-certificate https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-opensuse/* Warning: wildcards not supported in HTTP. --2019-03-25 14:43:48-- https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-opensuse/* Connecting to 10.X.Y.Z:3128... connected.
It is always amusing to see people hiding private addresses.
WARNING: cannot verify www.collaboraoffice.com's certificate, issued by ‘CN=mwg.MYGATEWAY.lokal,C=DE,ST=NRW,L=Steinfurt,O=Kreis Steinfurt’: Self-signed certificate encountered.
I doubt that collaboraoffice.com is self signed.
You apparently have intercepting proxy that terminates SSL stream so it has access to unencrypted data. Such gateways then establish new SSL connection to final destination. Is it proxy under your control?
Seems the (perhaps not) self signed certificate of my gateway must be inserted somewhere into the chain of trust?
Fortunately it is impossible - you cannot have single certificate that will match every other host name, so on next step certificate validation will fail because certificate host name will not match final host name. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org