Certificate
"We'd point you to the NSA's Information Assurance Directorate website discussing CNSA, but presently Chrome throws a certificate warning that "Your connection is not private." Imagine that from an intelligence agency."
You mean, you *haven't* manually configured your browser to trust certificates signed by "DoD Root CA 3" ?! How remiss of you.
$ openssl s_client -connect www.iad.gov:443
CONNECTED(00000003)
depth=2 C = US, O = U.S. Government, OU = DoD, OU = PKI, CN = DoD Root CA 3
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
0 s:/C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=NSA/CSS/CN=www.iad.gov
i:/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-37
1 s:/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD ID SW CA-37
i:/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
2 s:/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
i:/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DoD Root CA 3
---
Even if you trust the certificate, you also have to accept a bunch of cookies and redirects from the BIG-IP load balancer they use.
You can just about get the page like this:
$ curl -c /dev/null -L -k https://www.iad.gov/iad/programs/iacnsa-suite.cfm
(Add -v to see the full nonsense)
Biting the hand that feeds IT
