person-setup-machine

FAQ

Certificate failure connecting to auth.__MYDOMAIN__

Certificate failure connecting to auth.__MYDOMAIN__

A

Certificate failure connecting to auth.__MYDOMAIN__

Category: Connector Diagnostics

If you see a TLS/SSL certificate when starting (or installing) the connector, it usually indicates there is a SSL-inspecting firewall on site.

If you have a openssl installed, you can run this command:

openssl s_client -showcerts -servername auth.__MYDOMAIN__ -connect auth.__MYDOMAIN__:443 </dev/null

It should emit something like below, note the ISRG Root X1 and the Let’s Encrypt.

root@rtr:~# openssl s_client -showcerts -servername auth.agilicus.com -connect auth.agilicus.com:443 </dev/null
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R10
verify return:1
depth=0 CN = auth.agilicus.com
verify return:1
---
Certificate chain
 0 s:CN = auth.agilicus.com
   i:C = US, O = Let's Encrypt, CN = R10
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Feb 13 09:47:07 2025 GMT; NotAfter: May 14 09:47:06 2025 GMT
-----BEGIN CERTIFICATE-----
MIIE8jCCA9qgAwIBAgISA8KDmAmZrQROkCo9atCLeVDYMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTAwHhcNMjUwMjEzMDk0NzA3WhcNMjUwNTE0MDk0NzA2WjAcMRowGAYDVQQD
ExFhdXRoLmFnaWxpY3VzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL1IA85qUqUSo3jKR6vNgLDRqPYsriX1R7kEoiCZfeMoPnWpia70meCezHy8
BdHs3Vhav1jLQvv3VUa+0ouh61qZMZ5daDnshdn/mgcNlvheqxC7gLBo+uRLuMDA
96w6pm51Mo7UCwj+/CDhDNVbhTG1wCgsgYKZYs4v3epXzLgY1U9U+YH0Y7Lbwq2l
jWw+AOAAozEiOKUMwOQwYut476UOaOkoAUx9tcDAssj4NwJ8mwGUeerZ9larOv0y
Y4NSW/Mc+aIpOotZQ9Qvs3v1z8U5/JWPuUqCyag0pnYs+IZXFo5sZBV/9Mevoyoq
wRjOS4CFfpaVix7x04tlEFxvnRMCAwEAAaOCAhUwggIRMA4GA1UdDwEB/wQEAwIF
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
BgNVHQ4EFgQUWKF8pzlpBAyy6BgVJ4XYjGclipkwHwYDVR0jBBgwFoAUu7zDR6Xk
vKnGw6RyDBCNojXhyOgwVwYIKwYBBQUHAQEESzBJMCIGCCsGAQUFBzABhhZodHRw
Oi8vcjEwLm8ubGVuY3Iub3JnMCMGCCsGAQUFBzAChhdodHRwOi8vcjEwLmkubGVu
Y3Iub3JnLzAcBgNVHREEFTATghFhdXRoLmFnaWxpY3VzLmNvbTATBgNVHSAEDDAK
MAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AMz7D2qFcQll/pWb
U87psnwi6YVcDZeNtql+VMD+TA2wAAABlP7qBrsAAAQDAEcwRQIhALEu1X27I+ri
KPr8YHbJkoJC5MrRcyty17i1dSsofSv5AiB7Z1So5zkm+P0YoB1YA565NahOS1eo
xCnzBYkhjzcEPQB2AKLjCuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfnAAAB
lP7qBrMAAAQDAEcwRQIhAL/i58WlCBWAELpFjiDDSLZFTY8HReOhUUN20Srp928b
AiBenIEa3TXkLpROo+s8JLwrSe+3IeStW1461Pm+256ssjANBgkqhkiG9w0BAQsF
AAOCAQEAt7c/TU7oHw4v8KAMzTHicT/uugTty0mdzl8tw+G30TO6SGKdn79ddhPa
052d4S2SoEW1p9r3OrpzjMZEywEG4hN4MS6vsILTKKQ0BFKEjqWkTz5YH+oWjwiJ
ABlaajkTcLbiBk8xcDVR0TpND7sjMAqurRf/cFeuGevsAACdY7S4swMIPp1OXdZb
cSXkZ3ET6NpItL/WfF0JG9ke3OVrtaF9mETG1Hvy/lHkUP2qTSrV3GLqG+tOPEfH
KzQCaDOPHZt9V82finAqRYCOOdeB41REF2uoBrokCc5qm7flyzsUVGhkOuleoorj
utKYMp7QRmHn2LCAgfYctnRoIrm1pA==
-----END CERTIFICATE-----
 1 s:C = US, O = Let's Encrypt, CN = R10
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
-----BEGIN CERTIFICATE-----
MIIFBTCCAu2gAwIBAgIQS6hSk/eaL6JzBkuoBI110DANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy
Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa
Fw0yNzAzMTIyMzU5NTlaMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF
bmNyeXB0MQwwCgYDVQQDEwNSMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDPV+XmxFQS7bRH/sknWHZGUCiMHT6I3wWd1bUYKb3dtVq/+vbOo76vACFL
YlpaPAEvxVgD9on/jhFD68G14BQHlo9vH9fnuoE5CXVlt8KvGFs3Jijno/QHK20a
/6tYvJWuQP/py1fEtVt/eA0YYbwX51TGu0mRzW4Y0YCF7qZlNrx06rxQTOr8IfM4
FpOUurDTazgGzRYSespSdcitdrLCnF2YRVxvYXvGLe48E1KGAdlX5jgc3421H5KR
mudKHMxFqHJV8LDmowfs/acbZp4/SItxhHFYyTr6717yW0QrPHTnj7JHwQdqzZq3
DZb3EoEmUVQK7GH29/Xi8orIlQ2NAgMBAAGjgfgwgfUwDgYDVR0PAQH/BAQDAgGG
MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/
AgEAMB0GA1UdDgQWBBS7vMNHpeS8qcbDpHIMEI2iNeHI6DAfBgNVHSMEGDAWgBR5
tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKG
Fmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0gBAwwCjAIBgZngQwBAgEwJwYD
VR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0B
AQsFAAOCAgEAkrHnQTfreZ2B5s3iJeE6IOmQRJWjgVzPw139vaBw1bGWKCIL0vIo
zwzn1OZDjCQiHcFCktEJr59L9MhwTyAWsVrdAfYf+B9haxQnsHKNY67u4s5Lzzfd
u6PUzeetUK29v+PsPmI2cJkxp+iN3epi4hKu9ZzUPSwMqtCceb7qPVxEbpYxY1p9
1n5PJKBLBX9eb9LU6l8zSxPWV7bK3lG4XaMJgnT9x3ies7msFtpKK5bDtotij/l0
GaKeA97pb5uwD9KgWvaFXMIEt8jVTjLEvwRdvCn294GPDF08U8lAkIv7tghluaQh
1QnlE4SEN4LOECj8dsIGJXpGUk3aU3KkJz9icKy+aUgA+2cP21uh6NcDIS3XyfaZ
QjmDQ993ChII8SXWupQZVBiIpcWO4RqZk3lr7Bz5MUCwzDIA359e57SSq5CCkY0N
4B6Vulk7LktfwrdGNVI5BsC9qqxSwSKgRJeZ9wygIaehbHFHFhcBaMDKpiZlBHyz
rsnnlFXCb5s8HKn5LsUgGvB24L7sGNZP2CX7dhHov+YhD+jozLW2p9W4959Bz2Ei
RmqDtmiXLnzqTpXbI+suyCsohKRg6Un0RC47+cpiVwHiXZAW+cn8eiNIjqbVgXLx
KPpdzvvtTnOPlC7SQZSYmdunr3Bf9b77AiC/ZidstK36dRILKz7OA54=
-----END CERTIFICATE-----
---
Server certificate
subject=CN = auth.agilicus.com
issuer=C = US, O = Let's Encrypt, CN = R10
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3054 bytes and written 403 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
RETURN TO FAQ 🔗

Learn More?

Contact 📧

Book a Meeting 📅

Try Agilicus AnyX ↗

Return to FAQ 🔗

Product Guide 🔗

Resource Library

Upcoming Events

Past Webinars

Case Studies

Info Sheets

Key Articles

White Papers

Brochures

Videos