0

support.mycollab.com SSL certificate hostname mismatch

saper 2 months ago 0

After an error occurred (https://mycollab.userecho.com/communities/3/topics/599-fresh-cloud-site-an-attemt-to-remove-favicon-fails) the user is redirected to https://support.mycollab.com/ which is hosted on userecho.com therefore the SSL certificate validation fails.

Reproduction:

> openssl s_client -connect support.mycollab.com:443 -servername support.mycollab.com -verify_hostname  support.mycollab.com 
CONNECTED(00000003)
depth=0 CN = userecho.com
verify error:num=62:Hostname mismatch
verify return:1
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = userecho.com
verify return:1
---
Certificate chain
 0 s:/CN=userecho.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISA2uiGsYXYRG7wwygpqMsLyroMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA5MDQwOTAzMTVaFw0x
OTEyMDMwOTAzMTVaMBcxFTATBgNVBAMTDHVzZXJlY2hvLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALmb6iIROUDn51ifhc6LUxdRlODLyAAzuZhd
7a/dFC1FIjqcw/IQH92P9JA0rDQJz7gqn3bohO3jUjxmDCgvMzHBd+PX+kMsi/1U
tLuq+kT0rnMeWAxuxQ3XQ8oDBsczCiFKI9VAfkQNbb6IAzUdG3d3lAcbsN9nappz
rc7UqrckrB0w9apH4KzXrr5wvglcUVbTCzuBKMOq7oJBn1nGWU5ctPpuQhHvhc0G
tgltEktVq6EJ9mp+PntthRNOruV7eLZZCGlhDvB7C0mK71wHrq6uaqb/7ZJsn89t
55K6Aqtj+qL5i3Q/pvkq3jybwcwqc9uecVUzWH2nzccgnBK4w5cCAwEAAaOCAnEw
ggJtMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUadL1WcKIJnVYKeS+OfEGqsdhNfIw
HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBh
MC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
MC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
LzAnBgNVHREEIDAegg4qLnVzZXJlY2hvLmNvbYIMdXNlcmVjaG8uY29tMEwGA1Ud
IARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0
dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDw
AHYAdH7agzGtMxCRIZzOJU9CcMK//V5CIAjGNzV55hB7zFYAAAFs+7pyWQAABAMA
RzBFAiEAwohsFaxt6FTmuR1AINCXbJmtpVmK0EOxmvNs02n6/IoCIFqv68bbOqgQ
w6RLUTf+JqOl/30J7g2u58ReOgTk/49nAHYAY/Lbzeg7zCzPC3KEJ1drM6SNYXeP
vXWmOLHHaFRL2I0AAAFs+7pyUQAABAMARzBFAiEAwYFf9xzBUxOwjjZXESnYJErI
3q982ZWp/g0fXAH/K1QCIAZZId79eZuoj2m5PaE/CubyLbZBErU8yTo2xoE0MowJ
MA0GCSqGSIb3DQEBCwUAA4IBAQAUSqk0QwkNx/WEC5/I6kHjyKbAj6OzCBqOmU+T
1hCxMhyASAKlDOINlPEkMyh2rAY073Zc2vMmv6ahQLDCZylzfBMk4tnAviVhfX7S
GGSVXff0Rl3cAqfQuvwWVvHLQKc8okQJCNUt5RLYVWhyrG8rxC4uwKXMg44HJzpg
N7eAxSI9N2sCOupszi/qGnSP8pMF3cd4vcB3KoMHH6kmr6KajWNZf3xgQBwnjsUg
COo+onwvfMPFSRD9yLXx0dfTtWeJcHxt9LQUcAU2GsrUhSgOvj2MLClR6wjs9V8a
X2uKbOexxjRTfBtnGMAFJuPmvDKEdKwC8bIJ2sRLMAHexsSn
-----END CERTIFICATE-----
subject=/CN=userecho.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3248 bytes and written 462 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 455508E441B5E5F912CFADD66193B2E7ECC34A9E716214C1970208B504C28BB1
    Session-ID-ctx: 
    Master-Key: 70AEF7A81DEE4B11E6AF5B6CC104922179DC5E30A0CA71780AA848C622F6AE7434D31CAD9DB619356165C7266C138A47
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 40 e0 4b a3 9a c5 8f 73-d0 f3 89 84 4d 52 b0 15   @.K....s....MR..
    0010 - 79 29 69 da b6 b1 c3 b4-da e9 3f 65 84 6b 30 bd   y)i.......?e.k0.
    0020 - 86 d1 d8 de 3e cd e6 03-2d af 26 c6 a7 59 1e cf   ....>...-.&..Y..
    0030 - bd 14 41 b5 f4 c8 69 5c-73 9e 3f 86 0b 7c 61 62   ..A...i\s.?..|ab
    0040 - ed 58 a0 22 80 fc 8e 0b-b8 65 a6 9d ad 5e e2 39   .X.".....e...^.9
    0050 - fb 24 8c 18 20 c5 3a 84-85 6a be dc ae c2 57 27   .$.. .:..j....W'
    0060 - f9 0b b9 26 7e 97 1c 82-0e dc eb 9b be a9 91 88   ...&~...........
    0070 - 96 04 70 66 3b 9f bd 6c-b5 7c 5c 6c f3 f8 74 9e   ..pf;..l.|\l..t.
    0080 - 8f 08 87 21 f2 ee 63 7a-01 67 4b 93 d4 bb 38 17   ...!..cz.gK...8.
    0090 - 10 80 95 4a fe cf d8 f7-ba 13 5f e8 0e d7 89 02   ...J......_.....
    00a0 - 62 89 0c f2 68 16 65 6c-8c b9 9c 2a e2 cc 3f df   b...h.el...*..?.
    00b0 - 9c 30 39 9f 1e b3 7a 26-0e 29 bc 86 2d 2f cb f0   .09...z&.)..-/..

    Start Time: 1569407506
    Timeout   : 300 (sec)
    Verify return code: 62 (Hostname mismatch)
---
closed