I confirm @axe3's info.I previously looked at using openssl like this, but it appears to produce somewhat different results compared to using Chrome or Firefox.Another option: You can also use "openssl" client at Mac/Linux/WSL terminal to both the certificate chain ("openssl s_client -showcerts -connect 1.1.1.1:443").
For 1.1.1.1:443 it only gets the public certificate for 1.1.1.1 and the intermediate one, but does not include the root certificate.
While the provided shell command is useful for extracting certificates from the web server, it's important to note that the resulting certificate_chain_1.1.1.1.pem file might lack the root certificate.
The command produces a .pem file containing the public certificate for cloudflare-dns.com and the intermediate certificate DigiCert Global G2 TLS RSA SHA256 2020 CA1. However, it may not include the root certificate, which is crucial for establishing a complete certificate chain.
For a comprehensive solution, it's recommended to obtain the root certificate separately. You can do this by visiting the website directly, as suggested by MikroTik support.
Statistics: Posted by edyatl — Wed Jan 17, 2024 12:16 am