How do I obtain Wasabi's current certificate chain?

In order to validate and obtain Wasabi's current certificate chain, you may run the command shown below and use the server certificate to configure your S3 backup application if they are required to be entered manually.

 

NOTE: This example discusses the use of Wasabi's us-east-1 storage region. To use other Wasabi storage regions, please use the appropriate Wasabi service URL as described in this article

When using different storage regions, make sure to edit the connect url 's3.us-east-1.wasabisys.com:443'.

 

$ openssl s_client -connect s3.us-east-1.wasabisys.com:443 < /dev/null 2>/dev/null | openssl x509 -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:1d:53:46:3e:ce:d9:7a:39:7c:35:57:05:5e:39:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1
        Validity
            Not Before: Sep  7 00:00:00 2021 GMT
            Not After : Oct  8 23:59:59 2022 GMT
        Subject: C=US, ST=Massachusetts, L=BOSTON, O=Wasabi Technologies, Inc., CN=*.wasabisys.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d7:8a:35:6b:3f:4d:65:9d:fa:79:24:c9:c0:c6:
                    f0:b6:52:18:f9:f6:44:2a:75:44:19:85:b9:aa:16:
                    2f:e2:0d:1e:93:43:ea:0f:a3:c5:38:30:03:c4:2c:
                    0f:38:ff:d1:ef:f0:7d:9b:4f:dc:fb:ff:4f:56:c9:
                    40:2f:c2:a3:3b:b9:85:9e:ac:df:65:27:bc:21:ed:
                    4f:1f:9a:85:3d:dc:26:d3:75:ad:3c:ae:3d:0f:c5:
                    4a:0b:cd:f3:7e:11:38:bd:43:05:83:4a:8b:a4:5d:
                    1f:dc:a8:33:02:71:46:f4:bd:24:1c:1b:51:77:19:
                    27:32:0d:84:18:bb:ee:1b:26:58:13:2b:65:4d:95:
                    11:a6:f1:a0:e4:dc:0f:88:99:4b:27:08:25:74:bb:
                    c6:e5:17:37:7e:7e:c8:f2:f7:8f:a0:56:e0:b0:f5:
                    65:51:4b:e1:78:a2:5b:3c:c1:9d:42:ce:43:11:b0:
                    70:e8:41:7c:b0:56:23:42:2b:f7:6a:5b:75:bd:5d:
                    a9:ac:46:e9:7c:9f:d7:0b:92:28:90:19:91:c4:55:
                    c8:d8:ed:54:8e:02:5d:5a:6e:b6:d1:eb:c0:3f:92:
                    7d:03:b9:2f:96:08:e9:54:af:75:b0:74:65:f3:7f:
                    a9:52:e8:94:b0:41:c0:b6:02:40:fd:e1:72:d0:c9:
                    90:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4

            X509v3 Subject Key Identifier:
                11:49:1D:09:26:F8:4A:E5:BC:62:19:03:73:0B:49:E9:1E:A1:FA:A1
            X509v3 Subject Alternative Name:
                DNS:*.wasabisys.com, DNS:wasabisys.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-3.crl

                Full Name:
                  URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-3.crl

            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.2
                  CPS: http://www.digicert.com/CPS

            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
            1.3.6.1.4.1.11129.2.4.2:
                ...j.h.v.)y...99!.Vs.c.w..W}.`
..M]&\%].....{./}......G0E. C.8.....V.n..'.V.bU4Z&.G.9.:O.
........{./|......G0E. 0.9...q.4.[.G...qz.Y....z+Sk].od.!..J%|..fnX..
..H{.._R..._)........v.A...."FJ...:.B.^N1.....K.h..b......{./|f.....G0E. |.z.[%.I..XF..<iO_%.8.....}4$ OJ.!....%.W.1.X...
...'..~..-.`H..iIy
    Signature Algorithm: sha256WithRSAEncryption
         48:49:64:bc:2a:75:b3:eb:f1:42:58:bf:db:64:01:12:1a:02:
         63:97:cd:2a:bc:d1:9f:25:3a:e4:25:11:d5:fd:03:a7:b0:3e:
         fb:48:cf:07:fe:e6:4f:b8:34:5d:b5:00:bc:50:a3:7c:ad:ec:
         74:15:57:11:cf:42:3c:41:9e:67:45:4a:4e:d7:d4:6f:72:34:
         11:ea:ed:1c:74:45:79:b5:98:83:b4:17:f2:03:13:ba:3f:e3:
         e8:7b:4d:c5:72:46:2e:03:7f:20:6a:af:66:a6:ea:10:77:d4:
         c9:50:d9:c9:6e:15:ab:bc:3c:61:b5:d4:33:f5:f7:aa:0c:df:
         60:30:ec:7e:13:16:05:24:9e:a0:64:6e:16:b0:14:bb:1b:f6:
         50:bb:5d:91:45:81:e9:8e:cd:0b:0f:24:a6:00:a9:dd:1f:66:
         8e:44:de:d0:93:fa:01:a5:86:a4:af:d1:97:69:ce:b8:6d:47:
         07:ba:eb:ba:b7:e9:9c:78:4c:a5:71:13:4f:90:5a:33:47:d0:
         40:18:6c:d9:ea:c0:b6:99:f4:9b:35:e8:40:b7:21:55:ae:f2:
         af:80:e1:69:fa:04:7e:80:2c:2d:48:4e:41:b2:8d:4a:75:ed:
         9a:f7:ce:30:cd:4c:4f:f8:0b:09:f7:18:66:5f:b7:99:f4:dc:
         d6:d5:2c:8f

 

Note that some third-party applications require the root CA certificate to be imported in order to add a public cloud vendor. Wasabi uses DigiCert for its certificates.

Please refer to the below KB document:

How do I obtain Wasabi's CA certificate for https support on a third party application?

 

 

Have more questions? Submit a request