Actions
Bug #7575
openTLS invalid certificate generated for CN=*.his.msappproxy.net
Affected Versions:
Effort:
Difficulty:
Label:
Description
We are seeing this alert triggered for this specific cert.
{"timestamp":"2025-03-03T13:27:20.424054-0800","flow_id":147038621003572,"in_iface":"igb2","event_type":"alert","src_ip":"192.168.172.15","src_port":40920,"dest_ip":"151.206.86.2","dest_port":443,"proto":"TCP","pkt_src":"wire/pcap","metadata":{"flowints":{"tls.anomaly.count":2}},"tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2230004,"rev":1,"signature":"SURICATA TLS invalid certificate","category":"Generic Protocol Command Decode","severity":3},"tls":{"subject":"C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.his.msappproxy.net","issuerdn":"C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08","serial":"33:01:21:73:BE:CE:28:F3:03:E6:87:DE:27:00:00:01:21:73:BE","fingerprint":"e7:85:8c:a6:e9:06:d5:cd:40:37:17:80:48:17:65:08:8f:21:3c:f8","sni":"761303a3-2ec2-424e-8122-be8b689b4996.syncfabric.bootstrap.his.msappproxy.net","version":"TLS 1.2","notbefore":"2025-01-14T18:32:07","notafter":"2025-07-13T18:32:07"},"app_proto":"tls","direction":"to_server","flow":{"pkts_toserver":11,"pkts_toclient":7,"bytes_toserver":4951,"bytes_toclient":5036,"start":"2025-03-03T13:27:20.230843-0800","src_ip":"192.168.172.15","dest_ip":"151.206.86.2","src_port":40920,"dest_port":443},"payload":"FgMDDosLAA0ZAA0WAA0TMIINDzCCC/egAwIBAgIQ1AosfXzNTq9FbStVvQEHtzANBgkqhkiG9w0BAQsFADA4MTYwNAYDVQQDEy1ISVNDb25uZWN0b3JSZWdpc3RyYXRpb25DQS5oaXMubXNhcHBwcm94eS5uZXQwHhcNMjUwMjE0MTQ1ODM0WhcNMjUwNzI5MTMxNDE2WjAvMS0wKwYDVQQDEyQ3NjEzMDNhMy0yZWMyLTQyNGUtODEyMi1iZThiNjg5YjQ5OTYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaMWd+mAAaiBYnLPfKKgxC3qd9epi0y0g4DKf2ht3PP5BCBDb2YhMEQJcExyQQpKaYGcXoFdMNHv+1YS4fBuBo/5QLyhAPXAqm8tsz4BkpW/Q5mjTlunKsz8Vxnv7+hTtMmTlbmt1xleZblWecFeLDuu2rhlQAUhhDnPWjaN5chDyoDJb0ihvomvHTTkKQIlnWCxRSkSZUadILAsUhHfkKWSuBzhz5QPKy6/oJxt1Vg/ylCM96dydgI+aq0UrQmh1TkqeQR9kue3tjA75G6bbouWz6U+2v0NHUOg2Ywskl2nmaZadjKkyDuQHiHmUPf7DpSbWW04LLgzp82M05SWRtAgMBAAGCEQCjAxN2wi5OQoEivotom0mWo4IKCTCCCgUwHQYJKwYBBAGCN1IBBBCtFMZqdoIySYY50SzlUM+6MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMCMIIJygYJKwYBBAGCN1ICBIIJu3YyOjCCCbQGCSqGSIb3DQEHAqCCCaUwggmhAgEBMQ8wDQYJYIZIAWUDBAIBBQAwOgYJKoZIhvcNAQcBoC0EK1N5bmNGYWJyaWM6nbg/8gai93gSpDBqM+9m0vpOtRsTVagYcsxWe6VfwRegggfDMIIHvzCCBqegAwIBAgITOgTGytF0RvoCtMDX8gAEBMbK0TANBgkqhkiG9w0BAQsFADBEMRMwEQYKCZImiZPyLGQBGRYDR0JMMRMwEQYKCZImiZPyLGQBGRYDQU1FMRgwFgYDVQQDEw9BTUUgSU5GUkEgQ0EgMDEwHhcNMjUwMTMwMTMxNDE2WhcNMjUwNzI5MTMxNDE2WjAsMSowKAYDVQQDEyFSZWdpc3RyYXRpb25TZXJ2ZXIubXNhcHBwcm94eS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoOlo12L3dHe2Ja4U9BQhDnvQ9bMq5wmpDbEKDGKiz/FVJrJF1Xh281FPi8N/e2ysdwoK7Rkf6ozP+bD/5IfLxBhh/keHWYpmyDP1YgU62aup3xb1M7JxZAYUslnnOIk2OEACPUNyo+SS43iDKjcXIEGUGVxzHlcoIURrwM62dhAommfpLxRfvjOy/v0s+asUvx6I/FkFxIvNqshpoQ16Cd/wE2xaiInpf3AwKskB/prpKuTI33pU4NcUSNeAyA4SaL71OJotn388Qn7/+v+FiX4+0lYQ6uzN8naoifb8BDVU6Rf8pieixQE47tunHCGLVBdv8K87HP0bXZZ3iK+lNAgMBAAGjggTAMIIEvDAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMBMAoGCCsGAQUFBwMCMD0GCSsGAQQBgjcVBwQwMC4GJisGAQQBgjcVCIaQ4w2E1bR4hPGLPoWb3RbOnRKBYIX5kUuFrJk0AgFkAgEHMIIB2gYIKwYBBQUHAQEEggHMMIIByDBmBggrBgEFBQcwAoZaaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraWluZnJhL0NlcnRzL0JZMlBLSUlOVENBMDEuQU1FLkdCTF9BTUUlMjBJTkZSQSUyMENBJTIwMDEoNCkuY3J0MFYGCCsGAQUFBzAChkpodHRwOi8vY3JsMS5hbWUuZ2JsL2FpYS9CWTJQS0lJTlRDQTAxLkFNRS5HQkxfQU1FJTIwSU5GUkElMjBDQSUyMDAxKDQpLmNydDBWBggrBgEFBQcwAoZKaHR0cDovL2NybDIuYW1lLmdibC9haWEvQlkyUEtJSU5UQ0EwMS5BTUUuR0JMX0FNRSUyMElORlJBJTIwQ0ElMjAwMSg0KS5jcnQwVgYIKwYBBQUHMAKGSmh0dHA6Ly9jcmwzLmFtZS5nYmwvYWlhL0JZMlBLSUlOVENBMDEuQU1FLkdCTF9BTUUlMjBJTkZSQSUyMENBJTIwMDEoNCkuY3J0MFYGCCsGAQUFBzAChkpodHRwOi8vY3JsNC5hbWUuZ2JsL2FpYS9CWTJQS0lJTlRDQTAxLkFNRS5HQkxfQU1FJTIwSU5GUkElMjBDQSUyMDAxKDQpLmNydDAdBgNVHQ4EFgQUlDZeBJWXa66d5XWoJi5W4+L0xnkwDgYDVR0PAQH/BAQDAgWgMCwGA1UdEQQlMCOCIXJlZ2lzdHJhdGlvbnNlcnZlci5tc2FwcHByb3h5Lm5ldDCCATUGA1UdHwSCASwwggEoMIIBJKCCASCgggEchkJodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpaW5mcmEvQ1JML0FNRSUyMElORlJBJTIwQ0ElMjAwMSg0KS5jcmyGNGh0dHA6Ly9jcmwxLmFtZS5nYmwvY3JsL0FNRSUyMElORlJBJTIwQ0ElMjAwMSg0KS5jcmyGNGh0dHA6Ly9jcmwyLmFtZS5nYmwvY3JsL0FNRSUyMElORlJBJTIwQ0ElMjAwMSg0KS5jcmyGNGh0dHA6Ly9jcmwzLmFtZS5nYmwvY3JsL0FNRSUyMElORlJBJTIwQ0ElMjAwMSg0KS5jcmyGNGh0dHA6Ly9jcmw0LmFtZS5nYmwvY3JsL0FNRSUyMElORlJBJTIwQ0ElMjAwMSg0KS5jcmwwgZ0GA1UdIASBlTCBkjAMBgorBgEEAYI3ewEBMGYGCisGAQQBgjd7AgIwWDBWBggrBgEFBQcCAjBKHkgAMwAzAGUAMAAxADkAMgAxAC0ANABkADYANAAtADQAZgA4AGMALQBhADAANQA1AC0ANQBiAGQAYQBmAGYAZAA1AGUAMwAzAGQwDAYKKwYBBAGCN3sDAjAMBgorBgEEAYI3ewQCMB8GA1UdIwQYMBaAFOXZm2f8+Oy6u/DAqJ2KV4i53z5jMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEADEIujN7Z+u47ktR9n9AEdUDjvVP+YZXSbRd9YsXD9b/PyT7wMqvgwTvZHTvJQ7RObfuGx4rRyLyyn1d8UVErVlfYVFMek9wlTIQHp6v0yVbGmsRt8Aw98wYf7VtfHu0vv8Atb5GKmi2Gdx0nhbzB0t7CyfzwVWXCin88kCjjloJGJsacv8AeEJtyHM5S4qPu3JmfCXV/wG8p5KVPVx4Jvv+uoYKH3nsV1sECqTK4N2lux74qnvnuS9bS7nMmB1fn+aaWLc769ESRtmo4I+56KnbvF0thRi/HiEyvohx3Lik+/mwDNvQD8Sb+y3G7HvlSyBZbd3haXDzIE+8+DAJ//DGCAYYwggGCAgEBMFswRDETMBEGCgmSJomT8ixkARkWA0dCTDETMBEGCgmSJomT8ixkARkWA0FNRTEYMBYGA1UEAxMPQU1FIElORlJBIENBIDAxAhM6BMbK0XRG+gK0wNfyAAQExsrRMA0GCWCGSAFlAwQCAQUAMA0GCSqGSIb3DQEBAQUABIIBAGHzZsgyCA5SqgUHZSgOCHWPzUk5AAGjPGTpY7eY4jhxZObx9CumOdyZEIgpsLTB46mBilHzFyJOKFFtTaaTg95NQOPMXrrD45s1OGRO88ylwByQLRAUfASqF0X+eF6r2KB4D4I5th0C/PE1GdYkUnjwfHrwS2UsvHAr7tXEylC3zMnmbIDCO2xT57Wva5NVZtFIt+YGMQ0Hxx3jyzx8Fcwh1Gn2c8sZUE5eYjdawc86sr2v5QyRLUAEUntd2QfUqLEJZa0nnRdVrOIhjRa7EVDP0mrWkSJ1oXYovGGxb2uZ/9jBsNQug46LFoHCUhqtqzr57kwpr0u5whAhnXAYE4cwDQYJKoZIhvcNAQELBQADggEBAByXoBubeq94QRHPjSHxU52KntzUy/qKuw+OQBIH5XusdDYbj7Hob0S7UVKzmzJCAyKb2CZW+1UiIaASPf9bHcHmExa7JbhQDsBqqtwKNouViJZG5l0Xfrch8RweWVu/mJ1I3dApPYlZ3auphJ7jPnv8SVu+2WgLteX6dyQl3VS+AiejRYd9PPWt7NO7wQABOH0zmvnzj4YbfNa3SKwZ8CpjqpCTT7HAf/LXih2LP4utmw2fVo9oedi3x1zyj+QioheZ1qi0UgjmufyRf/+xauqKALprFBSKYBAf+MSol2hrBjNJXOy9U++2AGAuFi3tk8guSyWWeQHsNz8v+rlCu1QQAABiYQRqtIacwSXMe2PTgxVt/xv+DFu7g6PfdNVYQeN0+N1siHN/sYv2KOjC/nab9wlLK2LQ9rmS3hxitgD5jey+ArqlbYcHQ/MdBhmQ2+YyBjMOuzDvJF//ETTPyL+u7MLjDGMPAAEEBAEBADIb/A8LjiMvyjcK7AiZajb5S4wHPXvCZ8CCKOGg2Pd4LmJ6zxx80A850SZj90qtfPv/sOVMtO6appAvj9T8zZOqlmf2yUcx2RfrHgtM4bv/wwiCPYi4MdWjdVMMgtymn5wObTkEAxGKkIwbg00at6MVGt1msS6Jsd7u1Vq2RBEm3W9EPD2OinolZhyxBqP2qXUy1bsTdhhGCOW74uVqee3MlVJJlil1TTtV/LjzsD6/UsWzv99UOJSWh6UJETfql6V5Za/KzxLsNKA7FOZswC1W1wXq8GYjqPnJXSWtoX70Pk8RvprKiPfvBKF/d17RalREY0W/0ESBRIZemv+o0/4UAwMAAQEWAwMAKAAAAAAAAAAAgBmxXNWedldDzUGp/RBw3I/TPQ14NL5hCPVa/AFrFdM=","payload_printable":".......\r..\r..\r.0.\r.0...........\n,}|.N.Em+U....0\r..*.H..\r.....081604..U...-HISConnectorRegistrationCA.his.msappproxy.net0..\r250214145834Z.\r250729131416Z0/1-0+..U...$761303a3-2ec2-424e-8122-be8b689b49960..\"0\r..*.H..\r..........0..\n......1g~.....',..*.B..}z...H8......?.B.6.b..@...$.........\r...a....h......\\\n...3..)[.9.4..r...q....;L.9[..q..[.g........T.R.C...h.\\.<..........NB.\"Y...R.&Ti....!..\nY+....@.......U.....zw'`#...J...S...G..{{c..F....l.S.....:\r...%.y.e.c*L.....e....I......:|..9Idm...........v..NB.\"..h.I...\n.0.\n.0...+.....7R......jv.2I.9.,.P..0...U.%.....0\n..+.......0.....+.....7R.....v2:0.....*.H..\r.......0......1.0\r..`.H.e......0:..*.H..\r....-.+SyncFabric:..?....x..0j3.f..N...U..r.V{._......0...0..........:....tF............0\r..*.H..\r.....0D1.0..\n..&...,d....GBL1.0..\n..&...,d....AME1.0...U....AME INFRA CA 010..\r250130131416Z.\r250729131416Z0,1*0(..U...!RegistrationServer.msappproxy.net0..\"0\r..*.H..\r..........0..\n......:Z5......k.=..C..=l...jClB.....UI..u^...S.....+....FG..3.l?.!........b....X.N.j.w..L..Y..,.y.\"M....P...$.. .....e.W.....Q..3...\n&..K.......K>j./..?.Aq\".j..hC^.w.....\"z_..\n.@...J.27..85..5.2.../.N&.g........b_....:.3|..\"}..\rU:E.)...@N;....b....+..?F.e..+.M.........0...0'..+.....7.\n..0.0\n..+.......0\n..+.......0=..+.....7...00..&+.....7.....\r...x...>........`...K...4..d...0.....+...........0...0f..+.....0..Zhttp://crl.microsoft.com/pkiinfra/Certs/BY2PKIINTCA01.AME.GBL_AME%20INFRA%20CA%2001(4).crt0V..+.....0..Jhttp://crl1.ame.gbl/aia/BY2PKIINTCA01.AME.GBL_AME%20INFRA%20CA%2001(4).crt0V..+.....0..Jhttp://crl2.ame.gbl/aia/BY2PKIINTCA01.AME.GBL_AME%20INFRA%20CA%2001(4).crt0V..+.....0..Jhttp://crl3.ame.gbl/aia/BY2PKIINTCA01.AME.GBL_AME%20INFRA%20CA%2001(4).crt0V..+.....0..Jhttp://crl4.ame.gbl/aia/BY2PKIINTCA01.AME.GBL_AME%20INFRA%20CA%2001(4).crt0...U.......6^...k...u.&.V....y0...U...........0,..U...%0#.!registrationserver.msappproxy.net0..5..U.....,0..(0..$... .....Bhttp://crl.microsoft.com/pkiinfra/CRL/AME%20INFRA%20CA%2001(4).crl.4http://crl1.ame.gbl/crl/AME%20INFRA%20CA%2001(4).crl.4http://crl2.ame.gbl/crl/AME%20INFRA%20CA%2001(4).crl.4http://crl3.ame.gbl/crl/AME%20INFRA%20CA%2001(4).crl.4http://crl4.ame.gbl/crl/AME%20INFRA%20CA%2001(4).crl0....U. ...0..0..\n+.....7{..0f.\n+.....7{..0X0V..+.......0J.H.3.3.e.0.1.9.2.1.-.4.d.6.4.-.4.f.8.c.-.a.0.5.5.-.5.b.d.a.f.f.d.5.e.3.3.d0..\n+.....7{..0..\n+.....7{..0...U.#..0......g..........W...>c0...U.%..0...+.........+.......0\r..*.H..\r...........B......;..}...u@..S.a..m.}b......>.2...;..;.C.Nm.........W|QQ+VW.TS...%L......V...m..=....[_../..-o...-.w.'.........Ue...<.(...F&.......r..R.......u..o)..OW.........{.....2.7in..*...K...s&.W....-...D..j8#.z*v..KaF/..L...w.)>.l.6...&..q...R..[wxZ\\<...>....1...0......0[0D1.0..\n..&...,d....GBL1.0..\n..&...,d....AME1.0...U....AME INFRA CA 01..:....tF............0\r..`.H.e......0\r..*.H..\r.........a.f.2..R...e(..u..I9...<d.c...8qd...+.9....).......Q..\"N(QmM....M@..^....58dN......-..|...E.x^...x..9.....5..$Rx.|z.Ke,.p+....P....l..;lS...k.Uf.H...1\r.....<|..!.i.s..PN^b7Z..:......-@.R{]......e.'..U..!....P..j..\"u.v(.a.ok.............R...:..L).K...!.p...0\r..*.H..\r...............z.xA...!.S...........@...{.t6....oD.QR..2B.\"..&V.U\"!..=.[......%.P..j..\n6....F.].~.!...Y[...H..)=.Y......>{.I[..h....w$%.T..'.E.}<........8}3......|..H...*c...O........?...\r.V.hy...\\...\"......R........j....k...`......hk.3I\\..S...`..-....K%.y..7?/..B.T...ba.j....%.{c...m....[....t.XA.t..l.s....(...v...K+b......b.........m..C.......2.3..0.$_..4........c........2.....#/.7\n...j6.K..={.g..(....x.bz..|..9.&c.J.|....L...../.......g..G1.....L......=..1..uS.......m9........M......f.......Z.D.&.oD<=..z%f......u2...v.F.....jy...RI.)uM;U....>.R....T8......7...ye.....4.;..l.-V....f#...]%..~.>O..........w^.jTDcE..D.D.^...............(...........\\..vWC.A...p...=\rx4.a..Z..k..","stream":1,"packet":"rB9rFcyCABY+CToLCABFAAEiAqlAAEAG3KTAqKwPl85WAp/YAbuDAucrce/I1FAYAPkGigAAFwMDAPUAAAAAAAAAAW+jyo9KgwpDMAVYxqDUGW1MHOc/RRHILdRSqMRNp9m9tMn/GaxAoFuZsqF1N+qk0YatN7ntKhy9kw4R36EEm2wUf9807YuycRT6zvEbn/V8G4b8i8+EuLg/xEycePkF9z8XVvJc+nwu4fexF3O1IWjeN5rksr/Ioub9uPDPOv8ihLk02A+kt+lH1Kt3GYtf4wNSsUHXWQ7QQrlKhugG54GohDVt9vHfG8StHl/Rr55krNZn3n8jaXLOZcRrm+cGxQLd+qg7k2NZ6ux4yeflSzk2sSzVm34WAJOFvrla7zq8ODyA5hf5lqunOSG9FQ==","packet_info":{"linktype":1}}
I'm not sure I'm going to be able to capture a pcap trace. Is the payload sufficient? How can one decode the payload? I was hoping to check the cert myself but not sure I can.
Perhaps this is useful as well:
openssl s_client -connect 761303a3-2ec2-424e-8122-be8b689b4996.syncfabric.bootstrap.his.msappproxy.net:443 Connecting to 151.206.86.2 CONNECTED(00000003) depth=2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 verify return:1 depth=1 C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08 verify return:1 depth=0 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.his.msappproxy.net verify return:1 --- Certificate chain 0 s:C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.his.msappproxy.net i:C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384 v:NotBefore: Jan 14 18:32:07 2025 GMT; NotAfter: Jul 13 18:32:07 2025 GMT 1 s:C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08 i:C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384 v:NotBefore: Jun 8 00:00:00 2023 GMT; NotAfter: Aug 25 23:59:59 2026 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIKQzCCCCugAwIBAgITMwEhc77OKPMD5ofeJwAAASFzvjANBgkqhkiG9w0BAQwF ADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u MS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDA4 MB4XDTI1MDExNDE4MzIwN1oXDTI1MDcxMzE4MzIwN1owazELMAkGA1UEBhMCVVMx CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv ZnQgQ29ycG9yYXRpb24xHTAbBgNVBAMMFCouaGlzLm1zYXBwcHJveHkubmV0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzLXcxJZoMcVo04RqDNpzqPn g9dcuBgYab6s+UE73+YGZAsOjrvafZyA9Eh/mUojhhwlRKLeB8ZUphHHE5mnvEhN xOjewlYWPK4WG6GFd21co/pON3Jt8X3BwPDm1SpdwIyQG2NITRG5+lKNkHoGSgRn +18w2PgLo9PJO3+IoshfJ+KjSN/qJ3Rj1CtvCKgifRpcGXHwXvjnpc5uUgP3gr17 sJC2mM/CG0+gnhmqB6Kmh+PuIKXFt9deP7qERNjj1m9chLyDTs9172woTnHHkJXS sP8bYeVy0BzQNI7WfNNkEJ0YWY8D4bdcdRv0r91/P7R8CCLepSxd8/4P5xA7SQID AQABo4IF7DCCBegwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AN3cyjSV1+EW BeeVMvrHn/g9HFDf2wA6FBJ2Ciysu8gqAAABlGYfiKkAAAQDAEcwRQIhAIM2ou55 RfMqzjTY/jvqrzBCFpG6H3+POD4dkz9V3A+rAiAU2ekE3jOQamxNnNUS0vKzsRJo q6wys1a4DUfQGTrCCgB2AH1ZHhLheCp7HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4 AAABlGYfiYEAAAQDAEcwRQIgVJ1g+tao6NnFFOm2PY2UEXBbh8wRe1B6k78OVvjE r8QCIQDuKcoycxP67nvMe1l/zTHxzMaCHGbQmw80qmAFJfa8WAB3ABoE/0nQVB1A r/agw7/x2MRnL07s7iNAaJhrF0Au3Il9AAABlGYfifgAAAQDAEgwRgIhAM9UBCcf Qed+fqjSfeHXuT26+mD2XuVdheGxyzP5pH93AiEA7wnBvzgozlwkPSMhLDJghfJz n5RRmDK41ubWFwMahDEwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggr BgEFBQcDATA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3FQiHvdcbgefrRoKBnS6O 0AyH8NodXYKr5zCH7fEfAgFkAgEtMIG0BggrBgEFBQcBAQSBpzCBpDBzBggrBgEF BQcwAoZnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNy b3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUyMElzc3VpbmclMjBDQSUyMDA4JTIw LSUyMHhzaWduLmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29uZW9jc3AubWljcm9z b2Z0LmNvbS9vY3NwMB0GA1UdDgQWBBQA7bMj20JpX1HkXa7O8aV83WyrEDAOBgNV HQ8BAf8EBAMCBaAwggHyBgNVHREEggHpMIIB5YIvKi5hZGFkbWluaXN0cmF0aW9u LmJvb3RzdHJhcC5oaXMubXNhcHBwcm94eS5uZXSCHiouYm9vdHN0cmFwLmhpcy5t c2FwcHByb3h5Lm5ldIIaKi5ib290c3RyYXAubXNhcHBwcm94eS5uZXSCHiouY29u bmVjdG9yLmhpcy5tc2FwcHByb3h5Lm5ldIInKi5leGNoYW5nZS5ib290c3RyYXAu aGlzLm1zYXBwcHJveHkubmV0ghQqLmhpcy5tc2FwcHByb3h5Lm5ldIIiKi5wdGEu Ym9vdHN0cmFwLmhpcy5tc2FwcHByb3h5Lm5ldIImKi5yZXNvdXJjZS5mcmVlYnVz eS5oaXMubXNhcHBwcm94eS5uZXSCLioucmVzb3VyY2UubWFpbGJveG1pZ3JhdGlv bi5oaXMubXNhcHBwcm94eS5uZXSCICoucmlkLnJ1bnRpbWUuaGlzLm1zYXBwcHJv eHkubmV0gikqLnN5bmNmYWJyaWMuYm9vdHN0cmFwLmhpcy5tc2FwcHByb3h5Lm5l dIIgKi50aWQucnVudGltZS5oaXMubXNhcHBwcm94eS5uZXSCGGJvb3RzdHJhcC5t c2FwcHByb3h5Lm5ldIISaGlzLm1zYXBwcHJveHkubmV0MAwGA1UdEwEB/wQCMAAw agYDVR0fBGMwYTBfoF2gW4ZZaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9w cy9jcmwvTWljcm9zb2Z0JTIwQXp1cmUlMjBSU0ElMjBUTFMlMjBJc3N1aW5nJTIw Q0ElMjAwOC5jcmwwZgYDVR0gBF8wXTBRBgwrBgEEAYI3TIN9AQEwQTA/BggrBgEF BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9Eb2NzL1JlcG9z aXRvcnkuaHRtMAgGBmeBDAECAjAfBgNVHSMEGDAWgBT2fi+9gKNKsnBb69+aH9jt ymGABzAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEM BQADggIBAD2RIobQ4q/WjflJV7RRgUmybRlgzngEMf5/3eAr840Kp9Vxe/XxquO3 t4rbODuTJVYd7cBV/Atr40thUS5EqbBQh0BA2vrSuB5mTWOLEooFJG7JIX4P02Ie NiUsDqjgguPEJOTTEfiFQb761cZgWoA8rMBRyVq0dV21RlXkhYXgF/EwKKsDblfX J1S7BfjonLRZPcnHsiID6QOwn/55Hg+tZBOmZSfw/2g3JyYYYA8YWWDUB8kTexRs 55bkQz4HTHv7QoTIxpimXM/xK7y1Gz5+WspErbsRZguudT5CDQQxjSH/Citdvlre TEKoy5T8gKlk3W5icGw7D3FJFkfa7M2uy+5r5heS5Ud7rEk4nHIVM0WSSogKGuY4 5qnXX3F1I5L+w6Y9imvPHWv845Y/gl+xMZH0AVS6OE8/i5n+LnndBbTYwGbY14TQ OD/aP+uAhMgXtlqGGT06jUwU3z7EWTYGGlbbpMpLnexVmYTmTvKrI2G1BtROso1z epUip6wjtGpHYgMj4QaFjlw3QiTErmLQWMz6GX3Q5VLPsNusVCbDYOZ2wkh5UTSJ 47D5krWs7iTNfhF/pNpEPmKamIYseNpmfrleQhN2c7oNrTpfvEdRLOK+Hg5OJbLb L72yPNBGOrCg9CbbR9BqL6xKljojf/aRa4NsHAPZJGwlQzNcHe+b -----END CERTIFICATE----- subject=C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.his.msappproxy.net issuer=C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08 --- No client certificate CA names sent Requested Signature Algorithms: RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512 Shared Requested Signature Algorithms: RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:ECDSA+SHA256:ECDSA+SHA384:RSA+SHA512:ECDSA+SHA512 Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: ECDH, secp384r1, 384 bits --- SSL handshake has read 4777 bytes and written 957 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 9C2FFB9C52A3ABBCDD914AD885A2E2B07C3EBA98E585EE49446699EF1F25BC13 Session-ID-ctx: Resumption PSK: 1AAD873D5BA4F5D19135D1F37AD536CCA9172AB24435022A79802196EC2FBD4C87657BF8E59E262264777427F132C0E2 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 36000 (seconds) TLS session ticket: 0000 - 49 0a 00 00 e2 a5 3a f5-5c 81 1e a5 52 32 07 25 I.....:.\...R2.% 0010 - d1 04 b3 9d 94 cf 80 b2-14 35 54 7d 83 2b a2 6f .........5T}.+.o Start Time: 1741039064 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK
No data to display
Actions