-
-
Save guitarrapc/8e6b68f21bc1eef8e7b66bde477d5859 to your computer and use it in GitHub Desktop.
$ openssl s_client -servername token.actions.githubusercontent.com -showcerts -connect token.actions.githubusercontent.com:443 < /dev/null 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sed "0,/-END CERTIFICATE-/d" > certificate.crt | |
$ openssl x509 -in certificate.crt -fingerprint -noout | cut -f2 -d'=' | tr -d ':' | tr '[:upper:]' '[:lower:]' | |
6938fd4d98bab03faadb97b34396831e3780aea1 |
-----BEGIN CERTIFICATE----- | |
MIIE6jCCA9KgAwIBAgIQCjUI1VwpKwF9+K1lwA/35DANBgkqhkiG9w0BAQsFADBh | |
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 | |
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD | |
QTAeFw0yMDA5MjQwMDAwMDBaFw0zMDA5MjMyMzU5NTlaME8xCzAJBgNVBAYTAlVT | |
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxKTAnBgNVBAMTIERpZ2lDZXJ0IFRMUyBS | |
U0EgU0hBMjU2IDIwMjAgQ0ExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC | |
AQEAwUuzZUdwvN1PWNvsnO3DZuUfMRNUrUpmRh8sCuxkB+Uu3Ny5CiDt3+PE0J6a | |
qXodgojlEVbbHp9YwlHnLDQNLtKS4VbL8Xlfs7uHyiUDe5pSQWYQYE9XE0nw6Ddn | |
g9/n00tnTCJRpt8OmRDtV1F0JuJ9x8piLhMbfyOIJVNvwTRYAIuE//i+p1hJInuW | |
raKImxW8oHzf6VGo1bDtN+I2tIJLYrVJmuzHZ9bjPvXj1hJeRPG/cUJ9WIQDgLGB | |
Afr5yjK7tI4nhyfFK3TUqNaX3sNk+crOU6JWvHgXjkkDKa77SU+kFbnO8lwZV21r | |
eacroicgE7XQPUDTITAHk+qZ9QIDAQABo4IBrjCCAaowHQYDVR0OBBYEFLdrouqo | |
qoSMeeq02g+YssWVdrn0MB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFV | |
MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw | |
EgYDVR0TAQH/BAgwBgEB/wIBADB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGG | |
GGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBABggrBgEFBQcwAoY0aHR0cDovL2Nh | |
Y2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNydDB7BgNV | |
HR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRH | |
bG9iYWxSb290Q0EuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5jb20v | |
RGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMDAGA1UdIAQpMCcwBwYFZ4EMAQEwCAYG | |
Z4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAHer | |
t3onPa679n/gWlbJhKrKW3EX3SJH/E6f7tDBpATho+vFScH90cnfjK+URSxGKqNj | |
OSD5nkoklEHIqdninFQFBstcHL4AGw+oWv8Zu2XHFq8hVt1hBcnpj5h232sb0HIM | |
ULkwKXq/YFkQZhM6LawVEWwtIwwCPgU7/uWhnOKK24fXSuhe50gG66sSmvKvhMNb | |
g0qZgYOrAKHKCjxMoiWJKiKnpPMzTFuMLhoClw+dj20tlQj7T9rxkTgl4ZxuYRiH | |
as6xuwAwapu3r9rxxZf+ingkquqTgLozZXq8oXfpf2kUCwA/d5KxTVtzhwoT0JzI | |
8ks5T1KESaZMkE4f97Q= | |
-----END CERTIFICATE----- |
$ curl https://token.actions.githubusercontent.com/.well-known/openid-configuration | |
$ openssl s_client -servername token.actions.githubusercontent.com -showcerts -connect token.actions.githubusercontent.com:443 < /dev/null | |
CONNECTED(00000003) | |
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA | |
verify return:1 | |
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1 | |
verify return:1 | |
depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.actions.githubusercontent.com | |
verify return:1 | |
--- | |
Certificate chain | |
0 s:C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.actions.githubusercontent.com | |
i:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1 | |
-----BEGIN CERTIFICATE----- | |
MIIG9jCCBd6gAwIBAgIQCFCR4fqbkQJJbzQZsc87qzANBgkqhkiG9w0BAQsFADBP | |
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE | |
aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMjAxMTEwMDAwMDBa | |
Fw0yMzAxMTEyMzU5NTlaMHsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y | |
bmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIElu | |
Yy4xKDAmBgNVBAMMHyouYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20wggEi | |
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcHl5GgNgXYUI5Zz085Ar9wSiI | |
gdDnOkaXof2u3pcJ1138Tlz6aheVqXfJ8MOAups0LTr9j/dTHAGWKQz0qdyUdYIJ | |
FwiOlkmphoP+a4xVJXbdVVN7qvmfV8f0YnG5oGVyx9hDl/30JReVIYPbC8JNSiIW | |
2jMYnjqPu41tPclNNroW9K8gJUzT/WE4LRHohOmR1GbC1xQ8YlFS6pFs+Xuznou8 | |
TzO8PsXRdaDe/7pYZgR/Otv5XLY5siCBraMuxtj1g4Z/Tz8d2Z+sMPIxtHZjxmcu | |
LPfIix6cARSpJFgGF7Yh9vgLK9jEkgfuU1Nnshv7S6ylIn5SfHNToQjCRSPJAgMB | |
AAGjggOgMIIDnDAfBgNVHSMEGDAWgBS3a6LqqKqEjHnqtNoPmLLFlXa59DAdBgNV | |
HQ4EFgQUibMM9Yecb/WbuZDkxiGVR39k0QMwSQYDVR0RBEIwQIIfKi5hY3Rpb25z | |
LmdpdGh1YnVzZXJjb250ZW50LmNvbYIdYWN0aW9ucy5naXRodWJ1c2VyY29udGVu | |
dC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF | |
BQcDAjCBjwYDVR0fBIGHMIGEMECgPqA8hjpodHRwOi8vY3JsMy5kaWdpY2VydC5j | |
b20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0ExLTQuY3JsMECgPqA8hjpodHRw | |
Oi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0Ex | |
LTQuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6 | |
Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB/BggrBgEFBQcBAQRzMHEwJAYIKwYBBQUH | |
MAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcwAoY9aHR0cDov | |
L2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VExTUlNBU0hBMjU2MjAyMENB | |
MS0xLmNydDAMBgNVHRMBAf8EAjAAMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcA | |
dQCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAX5IjyPvAAAEAwBG | |
MEQCIDxMGruNl33xLmOdh2UdMxA3aiuIX3vgeXSuXRce6sqBAiApoOxk2sfxfZdw | |
cMxXuM0B8bfgGiQ7IlG14wRa7KQioAB3ADXPGRu/sWxXvw+tTG1Cy7u2JyAmUeo/ | |
4SrvqAPDO9ZMAAABfkiPI8kAAAQDAEgwRgIhAJJmNVWqVfFlQLdX8sbbQ9VmJA5K | |
28ldvwLQpnJopgFzAiEAsGYoIzVOBazT96kGYIuJ3k+Zya7PsFtPVyUbOom55PcA | |
dQCzc3cH4YRQ+GOG1gWp3BEJSnktsWcMC4fc8AMOeTalmgAAAX5IjyPnAAAEAwBG | |
MEQCIE0NMqwPjqYJwxYqrh7CVueH1rWvKYvRj8cvv3fr7Ku5AiBGFfeJ+Nsy3VCW | |
TAih+ito29SvJ0TJrDsyHy3PhkmZ6jANBgkqhkiG9w0BAQsFAAOCAQEAih09kwU8 | |
8j/R3/xDkV/2Td/ZbgzUPrrjnMqL32Kv8zqPb0AnaOZbA9XqMuQimLDPqr7fTtKR | |
BRhXStaNT5s7zZm3g9P+Xsxl2XSiuTbR0Y9MOmfgWA0Jv3vw8zq/etdGBrV0stQ/ | |
JB2GKteYl9hP7eOj0xaNg/ylaCDONG084lqVlugggmsW9RgN3zAESmALahezuzlN | |
G5asPhNDCIRyo3mm0hHCV4/Kvoura/bGVkc7Wkk6q/cplN5VCSq9wYk2ugEaxsc1 | |
YeqXpxQtRVJTF/UtuNpWS+Tp1COx3DiaoTjCmEImSzYarfZ7QIMR9opxJEPAB52h | |
s/oLX5ruUXwvIw== | |
-----END CERTIFICATE----- | |
1 s:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1 | |
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA | |
-----BEGIN CERTIFICATE----- | |
MIIE6jCCA9KgAwIBAgIQCjUI1VwpKwF9+K1lwA/35DANBgkqhkiG9w0BAQsFADBh | |
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 | |
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD | |
QTAeFw0yMDA5MjQwMDAwMDBaFw0zMDA5MjMyMzU5NTlaME8xCzAJBgNVBAYTAlVT | |
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxKTAnBgNVBAMTIERpZ2lDZXJ0IFRMUyBS | |
U0EgU0hBMjU2IDIwMjAgQ0ExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC | |
AQEAwUuzZUdwvN1PWNvsnO3DZuUfMRNUrUpmRh8sCuxkB+Uu3Ny5CiDt3+PE0J6a | |
qXodgojlEVbbHp9YwlHnLDQNLtKS4VbL8Xlfs7uHyiUDe5pSQWYQYE9XE0nw6Ddn | |
g9/n00tnTCJRpt8OmRDtV1F0JuJ9x8piLhMbfyOIJVNvwTRYAIuE//i+p1hJInuW | |
raKImxW8oHzf6VGo1bDtN+I2tIJLYrVJmuzHZ9bjPvXj1hJeRPG/cUJ9WIQDgLGB | |
Afr5yjK7tI4nhyfFK3TUqNaX3sNk+crOU6JWvHgXjkkDKa77SU+kFbnO8lwZV21r | |
eacroicgE7XQPUDTITAHk+qZ9QIDAQABo4IBrjCCAaowHQYDVR0OBBYEFLdrouqo | |
qoSMeeq02g+YssWVdrn0MB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFV | |
MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw | |
EgYDVR0TAQH/BAgwBgEB/wIBADB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGG | |
GGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBABggrBgEFBQcwAoY0aHR0cDovL2Nh | |
Y2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNydDB7BgNV | |
HR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRH | |
bG9iYWxSb290Q0EuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5jb20v | |
RGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMDAGA1UdIAQpMCcwBwYFZ4EMAQEwCAYG | |
Z4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEBAHer | |
t3onPa679n/gWlbJhKrKW3EX3SJH/E6f7tDBpATho+vFScH90cnfjK+URSxGKqNj | |
OSD5nkoklEHIqdninFQFBstcHL4AGw+oWv8Zu2XHFq8hVt1hBcnpj5h232sb0HIM | |
ULkwKXq/YFkQZhM6LawVEWwtIwwCPgU7/uWhnOKK24fXSuhe50gG66sSmvKvhMNb | |
g0qZgYOrAKHKCjxMoiWJKiKnpPMzTFuMLhoClw+dj20tlQj7T9rxkTgl4ZxuYRiH | |
as6xuwAwapu3r9rxxZf+ingkquqTgLozZXq8oXfpf2kUCwA/d5KxTVtzhwoT0JzI | |
8ks5T1KESaZMkE4f97Q= | |
-----END CERTIFICATE----- | |
--- | |
Server certificate | |
subject=C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.actions.githubusercontent.com | |
issuer=C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1 | |
--- | |
No client certificate CA names sent | |
Peer signing digest: SHA256 | |
Peer signature type: RSA-PSS | |
Server Temp Key: ECDH, P-384, 384 bits | |
--- | |
SSL handshake has read 3854 bytes and written 485 bytes | |
Verification: OK | |
--- | |
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 | |
Server public key is 2048 bit | |
Secure Renegotiation IS supported | |
Compression: NONE | |
Expansion: NONE | |
No ALPN negotiated | |
SSL-Session: | |
Protocol : TLSv1.2 | |
Cipher : ECDHE-RSA-AES256-GCM-SHA384 | |
Session-ID: 4C50FF4BC6477E099C9A4CACE6222BB0522842E9B123D53015D48486912CFE6C | |
Session-ID-ctx: | |
Master-Key: 886D9942CA50B8C12502A9FED7B65ADA854AF7E716A30BF3C4A635F24EEAFF636EDE536EA741A3A767107CE3C5FDDB04 | |
PSK identity: None | |
PSK identity hint: None | |
SRP username: None | |
TLS session ticket lifetime hint: 36000 (seconds) | |
TLS session ticket: | |
0000 - 00 00 00 00 99 65 c2 71-5b 5c 53 4f 9b 4f 35 86 .....e.q[\SO.O5. | |
0010 - b3 82 a6 9e 4c e1 ae de-2f c1 33 df 99 53 cb 3f ....L.../.3..S.? | |
0020 - ee 3a 38 43 78 ed e4 1a-ce ba a3 44 c5 0c 52 fa .:8Cx......D..R. | |
0030 - 88 9b 37 03 9e a6 80 1b-f1 44 4a 33 c7 cc 8c 8b ..7......DJ3.... | |
0040 - d1 af 4f b9 d5 35 34 30-04 61 42 8e df e3 37 14 ..O..540.aB...7. | |
0050 - 68 a7 59 6c 28 82 f5 91-df 63 a8 59 ab f3 69 cc h.Yl(....c.Y..i. | |
0060 - 8c c6 4e 46 28 e4 51 ac-d6 72 d1 6d 08 cf 17 a7 ..NF(.Q..r.m.... | |
0070 - 25 40 dc 25 4f c6 a4 8c-fc de 3b c6 66 66 32 a9 %@.%O.....;.ff2. | |
0080 - 6b f7 6a 9f a4 d5 22 03-86 b3 2e bb 84 92 2c a1 k.j...".......,. | |
0090 - 9e 68 24 07 44 6a 4a 66-f0 99 0c 40 c0 6b 17 83 [email protected].. | |
00a0 - 44 2c 96 61 0f 73 f9 43-e1 b6 27 80 3c ec 32 69 D,.a.s.C..'.<.2i | |
00b0 - be 0b 68 d7 41 5f 92 98-41 d6 49 38 1c 21 49 6c ..h.A_..A.I8.!Il | |
00c0 - 20 42 24 12 d4 74 5e be-aa 19 45 7d b1 ee 8f 83 B$..t^...E}.... | |
00d0 - c8 be 3f f7 ca 8d 7b 61-53 c9 06 98 cb db bd ac ..?...{aS....... | |
00e0 - c6 fa d6 8e 46 52 f6 8f-97 2d 53 93 48 51 43 3b ....FR...-S.HQC; | |
00f0 - 65 37 c2 2e c3 d1 01 1e-c2 b5 39 ed c7 a1 0f 1e e7........9..... | |
0100 - 5b f1 21 f4 [.!. | |
Start Time: 1642036537 | |
Timeout : 7200 (sec) | |
Verify return code: 0 (ok) | |
Extended master secret: yes | |
--- |
$ openssl s_client -servername token.actions.githubusercontent.com -connect token.actions.githubusercontent.com:443 < /dev/null | openssl x509 -text | |
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA | |
verify return:1 | |
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1 | |
verify return:1 | |
depth=0 C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.actions.githubusercontent.com | |
verify return:1 | |
DONE | |
Certificate: | |
Data: | |
Version: 3 (0x2) | |
Serial Number: | |
08:50:91:e1:fa:9b:91:02:49:6f:34:19:b1:cf:3b:ab | |
Signature Algorithm: sha256WithRSAEncryption | |
Issuer: C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1 | |
Validity | |
Not Before: Jan 11 00:00:00 2022 GMT | |
Not After : Jan 11 23:59:59 2023 GMT | |
Subject: C = US, ST = California, L = San Francisco, O = "GitHub, Inc.", CN = *.actions.githubusercontent.com | |
Subject Public Key Info: | |
Public Key Algorithm: rsaEncryption | |
RSA Public-Key: (2048 bit) | |
Modulus: | |
00:9c:1e:5e:46:80:d8:17:61:42:39:67:3d:3c:e4: | |
0a:fd:c1:28:88:81:d0:e7:3a:46:97:a1:fd:ae:de: | |
97:09:d7:5d:fc:4e:5c:fa:6a:17:95:a9:77:c9:f0: | |
c3:80:ba:9b:34:2d:3a:fd:8f:f7:53:1c:01:96:29: | |
0c:f4:a9:dc:94:75:82:09:17:08:8e:96:49:a9:86: | |
83:fe:6b:8c:55:25:76:dd:55:53:7b:aa:f9:9f:57: | |
c7:f4:62:71:b9:a0:65:72:c7:d8:43:97:fd:f4:25: | |
17:95:21:83:db:0b:c2:4d:4a:22:16:da:33:18:9e: | |
3a:8f:bb:8d:6d:3d:c9:4d:36:ba:16:f4:af:20:25: | |
4c:d3:fd:61:38:2d:11:e8:84:e9:91:d4:66:c2:d7: | |
14:3c:62:51:52:ea:91:6c:f9:7b:b3:9e:8b:bc:4f: | |
33:bc:3e:c5:d1:75:a0:de:ff:ba:58:66:04:7f:3a: | |
db:f9:5c:b6:39:b2:20:81:ad:a3:2e:c6:d8:f5:83: | |
86:7f:4f:3f:1d:d9:9f:ac:30:f2:31:b4:76:63:c6: | |
67:2e:2c:f7:c8:8b:1e:9c:01:14:a9:24:58:06:17: | |
b6:21:f6:f8:0b:2b:d8:c4:92:07:ee:53:53:67:b2: | |
1b:fb:4b:ac:a5:22:7e:52:7c:73:53:a1:08:c2:45: | |
23:c9 | |
Exponent: 65537 (0x10001) | |
X509v3 extensions: | |
X509v3 Authority Key Identifier: | |
keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4 | |
X509v3 Subject Key Identifier: | |
89:B3:0C:F5:87:9C:6F:F5:9B:B9:90:E4:C6:21:95:47:7F:64:D1:03 | |
X509v3 Subject Alternative Name: | |
DNS:*.actions.githubusercontent.com, DNS:actions.githubusercontent.com | |
X509v3 Key Usage: critical | |
Digital Signature, Key Encipherment | |
X509v3 Extended Key Usage: | |
TLS Web Server Authentication, TLS Web Client Authentication | |
X509v3 CRL Distribution Points: | |
Full Name: | |
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl | |
Full Name: | |
URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl | |
X509v3 Certificate Policies: | |
Policy: 2.23.140.1.2.2 | |
CPS: http://www.digicert.com/CPS | |
Authority Information Access: | |
OCSP - URI:http://ocsp.digicert.com | |
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt | |
X509v3 Basic Constraints: critical | |
CA:FALSE | |
CT Precertificate SCTs: | |
Signed Certificate Timestamp: | |
Version : v1 (0x0) | |
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A: | |
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A | |
Timestamp : Jan 11 09:54:07.471 2022 GMT | |
Extensions: none | |
Signature : ecdsa-with-SHA256 | |
30:44:02:20:3C:4C:1A:BB:8D:97:7D:F1:2E:63:9D:87: | |
65:1D:33:10:37:6A:2B:88:5F:7B:E0:79:74:AE:5D:17: | |
1E:EA:CA:81:02:20:29:A0:EC:64:DA:C7:F1:7D:97:70: | |
70:CC:57:B8:CD:01:F1:B7:E0:1A:24:3B:22:51:B5:E3: | |
04:5A:EC:A4:22:A0 | |
Signed Certificate Timestamp: | |
Version : v1 (0x0) | |
Log ID : 35:CF:19:1B:BF:B1:6C:57:BF:0F:AD:4C:6D:42:CB:BB: | |
B6:27:20:26:51:EA:3F:E1:2A:EF:A8:03:C3:3B:D6:4C | |
Timestamp : Jan 11 09:54:07.433 2022 GMT | |
Extensions: none | |
Signature : ecdsa-with-SHA256 | |
30:46:02:21:00:92:66:35:55:AA:55:F1:65:40:B7:57: | |
F2:C6:DB:43:D5:66:24:0E:4A:DB:C9:5D:BF:02:D0:A6: | |
72:68:A6:01:73:02:21:00:B0:66:28:23:35:4E:05:AC: | |
D3:F7:A9:06:60:8B:89:DE:4F:99:C9:AE:CF:B0:5B:4F: | |
57:25:1B:3A:89:B9:E4:F7 | |
Signed Certificate Timestamp: | |
Version : v1 (0x0) | |
Log ID : B3:73:77:07:E1:84:50:F8:63:86:D6:05:A9:DC:11:09: | |
4A:79:2D:B1:67:0C:0B:87:DC:F0:03:0E:79:36:A5:9A | |
Timestamp : Jan 11 09:54:07.463 2022 GMT | |
Extensions: none | |
Signature : ecdsa-with-SHA256 | |
30:44:02:20:4D:0D:32:AC:0F:8E:A6:09:C3:16:2A:AE: | |
1E:C2:56:E7:87:D6:B5:AF:29:8B:D1:8F:C7:2F:BF:77: | |
EB:EC:AB:B9:02:20:46:15:F7:89:F8:DB:32:DD:50:96: | |
4C:08:A1:FA:2B:68:DB:D4:AF:27:44:C9:AC:3B:32:1F: | |
2D:CF:86:49:99:EA | |
Signature Algorithm: sha256WithRSAEncryption | |
8a:1d:3d:93:05:3c:f2:3f:d1:df:fc:43:91:5f:f6:4d:df:d9: | |
6e:0c:d4:3e:ba:e3:9c:ca:8b:df:62:af:f3:3a:8f:6f:40:27: | |
68:e6:5b:03:d5:ea:32:e4:22:98:b0:cf:aa:be:df:4e:d2:91: | |
05:18:57:4a:d6:8d:4f:9b:3b:cd:99:b7:83:d3:fe:5e:cc:65: | |
d9:74:a2:b9:36:d1:d1:8f:4c:3a:67:e0:58:0d:09:bf:7b:f0: | |
f3:3a:bf:7a:d7:46:06:b5:74:b2:d4:3f:24:1d:86:2a:d7:98: | |
97:d8:4f:ed:e3:a3:d3:16:8d:83:fc:a5:68:20:ce:34:6d:3c: | |
e2:5a:95:96:e8:20:82:6b:16:f5:18:0d:df:30:04:4a:60:0b: | |
6a:17:b3:bb:39:4d:1b:96:ac:3e:13:43:08:84:72:a3:79:a6: | |
d2:11:c2:57:8f:ca:be:8b:ab:6b:f6:c6:56:47:3b:5a:49:3a: | |
ab:f7:29:94:de:55:09:2a:bd:c1:89:36:ba:01:1a:c6:c7:35: | |
61:ea:97:a7:14:2d:45:52:53:17:f5:2d:b8:da:56:4b:e4:e9: | |
d4:23:b1:dc:38:9a:a1:38:c2:98:42:26:4b:36:1a:ad:f6:7b: | |
40:83:11:f6:8a:71:24:43:c0:07:9d:a1:b3:fa:0b:5f:9a:ee: | |
51:7c:2f:23 | |
-----BEGIN CERTIFICATE----- | |
MIIG9jCCBd6gAwIBAgIQCFCR4fqbkQJJbzQZsc87qzANBgkqhkiG9w0BAQsFADBP | |
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE | |
aWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMjAxMTEwMDAwMDBa | |
Fw0yMzAxMTEyMzU5NTlaMHsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y | |
bmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIElu | |
Yy4xKDAmBgNVBAMMHyouYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20wggEi | |
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcHl5GgNgXYUI5Zz085Ar9wSiI | |
gdDnOkaXof2u3pcJ1138Tlz6aheVqXfJ8MOAups0LTr9j/dTHAGWKQz0qdyUdYIJ | |
FwiOlkmphoP+a4xVJXbdVVN7qvmfV8f0YnG5oGVyx9hDl/30JReVIYPbC8JNSiIW | |
2jMYnjqPu41tPclNNroW9K8gJUzT/WE4LRHohOmR1GbC1xQ8YlFS6pFs+Xuznou8 | |
TzO8PsXRdaDe/7pYZgR/Otv5XLY5siCBraMuxtj1g4Z/Tz8d2Z+sMPIxtHZjxmcu | |
LPfIix6cARSpJFgGF7Yh9vgLK9jEkgfuU1Nnshv7S6ylIn5SfHNToQjCRSPJAgMB | |
AAGjggOgMIIDnDAfBgNVHSMEGDAWgBS3a6LqqKqEjHnqtNoPmLLFlXa59DAdBgNV | |
HQ4EFgQUibMM9Yecb/WbuZDkxiGVR39k0QMwSQYDVR0RBEIwQIIfKi5hY3Rpb25z | |
LmdpdGh1YnVzZXJjb250ZW50LmNvbYIdYWN0aW9ucy5naXRodWJ1c2VyY29udGVu | |
dC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF | |
BQcDAjCBjwYDVR0fBIGHMIGEMECgPqA8hjpodHRwOi8vY3JsMy5kaWdpY2VydC5j | |
b20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0ExLTQuY3JsMECgPqA8hjpodHRw | |
Oi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0Ex | |
LTQuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6 | |
Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB/BggrBgEFBQcBAQRzMHEwJAYIKwYBBQUH | |
MAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBJBggrBgEFBQcwAoY9aHR0cDov | |
L2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VExTUlNBU0hBMjU2MjAyMENB | |
MS0xLmNydDAMBgNVHRMBAf8EAjAAMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcA | |
dQCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAX5IjyPvAAAEAwBG | |
MEQCIDxMGruNl33xLmOdh2UdMxA3aiuIX3vgeXSuXRce6sqBAiApoOxk2sfxfZdw | |
cMxXuM0B8bfgGiQ7IlG14wRa7KQioAB3ADXPGRu/sWxXvw+tTG1Cy7u2JyAmUeo/ | |
4SrvqAPDO9ZMAAABfkiPI8kAAAQDAEgwRgIhAJJmNVWqVfFlQLdX8sbbQ9VmJA5K | |
28ldvwLQpnJopgFzAiEAsGYoIzVOBazT96kGYIuJ3k+Zya7PsFtPVyUbOom55PcA | |
dQCzc3cH4YRQ+GOG1gWp3BEJSnktsWcMC4fc8AMOeTalmgAAAX5IjyPnAAAEAwBG | |
MEQCIE0NMqwPjqYJwxYqrh7CVueH1rWvKYvRj8cvv3fr7Ku5AiBGFfeJ+Nsy3VCW | |
TAih+ito29SvJ0TJrDsyHy3PhkmZ6jANBgkqhkiG9w0BAQsFAAOCAQEAih09kwU8 | |
8j/R3/xDkV/2Td/ZbgzUPrrjnMqL32Kv8zqPb0AnaOZbA9XqMuQimLDPqr7fTtKR | |
BRhXStaNT5s7zZm3g9P+Xsxl2XSiuTbR0Y9MOmfgWA0Jv3vw8zq/etdGBrV0stQ/ | |
JB2GKteYl9hP7eOj0xaNg/ylaCDONG084lqVlugggmsW9RgN3zAESmALahezuzlN | |
G5asPhNDCIRyo3mm0hHCV4/Kvoura/bGVkc7Wkk6q/cplN5VCSq9wYk2ugEaxsc1 | |
YeqXpxQtRVJTF/UtuNpWS+Tp1COx3DiaoTjCmEImSzYarfZ7QIMR9opxJEPAB52h | |
s/oLX5ruUXwvIw== | |
-----END CERTIFICATE----- |
// oidc provider | |
resource "aws_iam_openid_connect_provider" "main" { | |
url = "https://token.actions.githubusercontent.com" | |
client_id_list = ["sts.amazonaws.com"] | |
thumbprint_list = ["a031c46782e6e6c662c2c87c76da9aa62ccabd8e", "6938fd4d98bab03faadb97b34396831e3780aea1"] // added new thumbprint | |
} |
Your should use 6938fd4d98bab03faadb97b34396831e3780aea1
Next update will be happen on Jan 11 23:59:59 2023 GMT
.
Validity
Not Before: Jan 11 00:00:00 2022 GMT
Not After : Jan 11 23:59:59 2023 GMT
@guitarrapc thanks for posting this, this helped us with the prior certificate expiring. I don't want to have the same problem in January 2023 though. Do you know if there is a way to know the next thumbprint before the certificate expires. How long before expiration does GH change their certificate?
@pcothenet I have no idea about how GH handle next certificate renewal 😢 I hope they prepare 2-N weeks before certificate expires, but it's depends on service and no guranteed at all.
There's an issue on the aws-actions/configure-aws-credentials repo (with a Terraform solution) related to this: aws-actions/configure-aws-credentials#357
nice one. thanks for this
ref: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html