How do I obtain Wasabi's current certificate chain?
In order to validate and obtain Wasabi's current certificate chain, you may run the command shown below and use the server certificate to configure your S3 backup application if they are required to be entered manually.
NOTE: This example discusses the use of Wasabi's us-east-1 storage region. To use other Wasabi storage regions, please use the appropriate Wasabi service URL as described in this article.
When using different storage regions, make sure to edit the connect url 's3.us-east-1.wasabisys.com:443'.
$ openssl s_client -connect s3.us-east-1.wasabisys.com:443 < /dev/null 2>/dev/null | openssl x509 -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:1d:53:46:3e:ce:d9:7a:39:7c:35:57:05:5e:39:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1
Validity
Not Before: Sep 7 00:00:00 2021 GMT
Not After : Oct 8 23:59:59 2022 GMT
Subject: C=US, ST=Massachusetts, L=BOSTON, O=Wasabi Technologies, Inc., CN=*.wasabisys.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d7:8a:35:6b:3f:4d:65:9d:fa:79:24:c9:c0:c6:
f0:b6:52:18:f9:f6:44:2a:75:44:19:85:b9:aa:16:
2f:e2:0d:1e:93:43:ea:0f:a3:c5:38:30:03:c4:2c:
0f:38:ff:d1:ef:f0:7d:9b:4f:dc:fb:ff:4f:56:c9:
40:2f:c2:a3:3b:b9:85:9e:ac:df:65:27:bc:21:ed:
4f:1f:9a:85:3d:dc:26:d3:75:ad:3c:ae:3d:0f:c5:
4a:0b:cd:f3:7e:11:38:bd:43:05:83:4a:8b:a4:5d:
1f:dc:a8:33:02:71:46:f4:bd:24:1c:1b:51:77:19:
27:32:0d:84:18:bb:ee:1b:26:58:13:2b:65:4d:95:
11:a6:f1:a0:e4:dc:0f:88:99:4b:27:08:25:74:bb:
c6:e5:17:37:7e:7e:c8:f2:f7:8f:a0:56:e0:b0:f5:
65:51:4b:e1:78:a2:5b:3c:c1:9d:42:ce:43:11:b0:
70:e8:41:7c:b0:56:23:42:2b:f7:6a:5b:75:bd:5d:
a9:ac:46:e9:7c:9f:d7:0b:92:28:90:19:91:c4:55:
c8:d8:ed:54:8e:02:5d:5a:6e:b6:d1:eb:c0:3f:92:
7d:03:b9:2f:96:08:e9:54:af:75:b0:74:65:f3:7f:
a9:52:e8:94:b0:41:c0:b6:02:40:fd:e1:72:d0:c9:
90:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4
X509v3 Subject Key Identifier:
11:49:1D:09:26:F8:4A:E5:BC:62:19:03:73:0B:49:E9:1E:A1:FA:A1
X509v3 Subject Alternative Name:
DNS:*.wasabisys.com, DNS:wasabisys.com
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-3.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-3.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt
X509v3 Basic Constraints: critical
CA:FALSE
1.3.6.1.4.1.11129.2.4.2:
...j.h.v.)y...99!.Vs.c.w..W}.`
..M]&\%].....{./}......G0E. C.8.....V.n..'.V.bU4Z&.G.9.:O.
........{./|......G0E. 0.9...q.4.[.G...qz.Y....z+Sk].od.!..J%|..fnX..
..H{.._R..._)........v.A...."FJ...:.B.^N1.....K.h..b......{./|f.....G0E. |.z.[%.I..XF..Note that some third-party applications require the root CA certificate to be imported in order to add a public cloud vendor. Wasabi uses DigiCert for its certificates.
Please refer to the below KB document:
How do I obtain Wasabi's CA certificate for https support on a third party application?