This morning I was going to login to slack from the command line and saw the following message:
┌───────────────────────┤SSL Certificate Verification├────────────────────────┐ │Accept certificate for slack.com? │ │ │ │The certificate for slack.com could not be validated. │ │ │ │The certificate is not trusted because no certificate that can verify it is │ │currently trusted. │ │ │ │ ┌────────┐ ┌────────┐ ┌──────────────────────┐ │ │ │ Accept │ │ Reject │ │ _View Certificate... │ │ │ └────────┘ └────────┘ └──────────────────────┘ │ └─────────────────────────────────────────────────────────────────────────────┘Let's probulate a bit:
┌──────────────────────────┤Certificate Information├──────────────────────────┐ │Certificate Information │ │ │ │Common name: slack.com │ │ │ │Issued By: CN=R3,O=Let's Encrypt,C=US │ │ │ │Fingerprint (SHA1): 76:bc:49:94:88:fa:90:d6:59:3c:04:0d:81:81:67:58:35:ce:a0 │ │:d5 │ │ │ │Activation date: Thu Mar 2 07:32:27 2023 │ │ │ │Expiration date: Wed May 31 07:32:26 2023 │ │ │ │SHA256: 25:6f:90:6b:16:b5:1b:4a:27:27:55:19:9d:1a:76:61:11:b0:d2:7c:6b:b6:b6 │ │:36:48:ac:c5:5a:6c:92:8f:80 │ │ │ │ ┌─────────────────────────┐ ┌───────┐ │ │ │ View Issuer Certificate │ │ Close │ │ │ └─────────────────────────┘ └───────┘ │ └─────────────────────────────────────────────────────────────────────────────┘So,
- They are using Let's Encrypt
- The certificate is renewed every month
- The new certificate is not enabled yet (it is 7:20h right now)
┌────┤Certificate Information├────┐icate Verification├────────────────────────┐ │ │ │ │Unable to find Issuer Certificate│ │ │ ┌────┐ │d not be validated. │ │ │ OK │ │ │ │ └────┘ │ause no certificate that can verify it is │ └─────────────────────────────────┘ │ │ │ │ ┌────────┐ ┌────────┐ ┌──────────────────────┐ │ │ │ Accept │ │ Reject │ │ _View Certificate... │ │ │ └────────┘ └────────┘ └──────────────────────┘ │ └─────────────────────────────────────────────────────────────────────────────┘Very interesting. How about from the command line?
user@desktop:~$ echo ''|openssl s_client -connect slack.com:443 | openssl \ x509 -noout -enddate -startdate depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = slack.com verify return:1 DONE notAfter=May 31 07:32:26 2023 GMT notBefore=Mar 2 07:32:27 2023 GMT user@desktop:~$Now you too know!