7bc669f46f2444b07b01749af60c9de0b5808f2a galt Fri Jun 2 11:57:37 2023 -0700 openssl s_client will not work right unless both the -trusted_first and -servername are provided. diff --git src/hg/htdocs/goldenPath/help/hgTrackHubHelp.html src/hg/htdocs/goldenPath/help/hgTrackHubHelp.html index 3c9e3ee..c2117ea 100755 --- src/hg/htdocs/goldenPath/help/hgTrackHubHelp.html +++ src/hg/htdocs/goldenPath/help/hgTrackHubHelp.html @@ -1157,31 +1157,31 @@ To help system administrators, here are groups that provide free web certs, including the popular <a href="https://letsencrypt.org/" target="_blank">LETSENCRYPT</a></p> <p> <b>Testing your site certs</b></p> <p> Here are ways to check HTTPS certificates, such as with <code>curl</code>, which uses openssl. <pre> curl https://yourdomain.com/yourhub/hub.txt </pre> <p> If curl can fetch the hub.txt HTTPS URL without errors, then the certs should work with the UCSC Genome Browser.</p> <p> For a deeper level of debugging, system administrators can use the open ssl client command: <pre> -openssl s_client -connect yourdomain.com:443 -servername yourdomain.com +openssl s_client -trusted_first -connect yourdomain.com:443 -servername yourdomain.com </pre></p> <p> Various online SSL Server Test sites have great detailed documentation about how to check your website's certs and configuration, such as <a href="https://www.ssllabs.com/ssltest/" target="_blank">https://www.ssllabs.com/ssltest/</a>. Here is an example where you can supply yourdomain.com and discover results: <pre> https://www.ssllabs.com/ssltest/analyze.html?d=yourdomain.com&latest </pre></p> <p> Feel free to contact UCSC Genome Browser for help if you are seeing certificate validation error messages you do not understand.</p> <!--#include virtual="$ROOT/inc/gbPageEnd.html" -->
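Review bot: The changed s_client line in the second <pre> block gains -trusted_first, but the paragraph introducing it ("For a deeper level of debugging, system administrators can use the open ssl client command:") still gives no reason for either -trusted_first or -servername. The commit message says s_client will not work right unless both are provided. That rationale should also appear in the help text, so an administrator adapting the command does not drop a flag and then misread the result as a certificate problem on their server. Suggest adding one sentence to that paragraph stating that both options are required for the check to work right. Two minor points in the same context lines: "open ssl client command" would read better as "openssl s_client command" to match the command shown, and the paragraph opening "Here are ways to check HTTPS certificates" starts a <p> that is never closed before the next <p>, while the later blocks close with </pre></p>.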