Openssl shows a different server certificate while browser shows correctly


There is an SNI issue with openssl; try using this command:

    openssl s_client -showcerts -connect www.example.com:443 -servername www.example.com </dev/null

The addition of -servername, according to this article, should clear it up.


The server is issuing a permanent redirect to ethornetworks.com. To see it, first issue your s_client command:

    $ openssl s_client -CAfile AddTrustExternalCARoot.crt -connect apitest.ethormapp.com:443
    CONNECTED(00000003)
    depth=4 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
    verify return:1
    depth=3 C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN - DATACorp SGC
    verify return:1
    depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO Certification Authority
    verify return:1
    depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = EssentialSSL CA
    verify return:1
    depth=0 OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.ethornetworks.com
    verify return:1
    ...

At the very bottom, after you get the verify result, enter a GET / HTTP/1.0 command and press RETURN twice:

    ...
        Start Time: 1390985154
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---
    GET / HTTP/1.0

    HTTP/1.1 301 Moved Permanently
    Server: nginx/1.4.4
    Date: Wed, 29 Jan 2014 08:46:01 GMT
    Content-Type: text/html
    Content-Length: 184
    Connection: close
    Location: https://www.ethornetworks.com/

    <html>
    <head><title>301 Moved Permanently</title></head>
    <body bgcolor="white">
    <center><h1>301 Moved Permanently</h1></center>
    <hr><center>nginx/1.4.4</center>
    </body>
    </html>
    closed
    $

If you follow the redirect, then you will get the expected result:

    $ openssl s_client -CAfile AddTrustExternalCARoot.crt -connect www.ethornetworks.com:443
    CONNECTED(00000003)
    depth=4 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
    verify error:num=19:self signed certificate in certificate chain
    verify return:0
    ---
    Certificate chain
     0 s:/OU=Domain Control Validated/OU=EssentialSSL Wildcard/CN=*.ethornetworks.com
       i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=EssentialSSL CA
     1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=EssentialSSL CA
       i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority
    ...

Finally, you can use the AddTrust External CA Root to ensure the chain verifies as expected. Without it and the -CAfile option, s_client will report 19 (self signed certificate in certificate chain).
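
The comparison both answers make by eye can be scripted. This is an added example, not code from either answer: it pulls the leaf subject CN out of `s_client` output and checks it against the requested host, with and without SNI. The function names (`leaf_cn`, `name_matches`, `probe_cn`, `compare_sni`) are hypothetical, and `SAMPLE` is constructed from the chain output quoted above.

```shell
# Added example. SAMPLE is constructed from the chain output quoted on this page.
SAMPLE='Certificate chain
 0 s:/OU=Domain Control Validated/OU=EssentialSSL Wildcard/CN=*.ethornetworks.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=EssentialSSL CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=EssentialSSL CA'

# Print the leaf subject CN from s_client output on stdin. Handles both the
# old "/CN=name" and the newer "CN = name" subject formats.
leaf_cn() {
    sed -n 's|^ *0 s:.*CN *= *\([^,/]*\).*$|\1|p' | head -n 1
}

# Succeed if certificate name $1 covers host $2. A leading "*." matches exactly
# one label. This checks the CN only; clients validate subjectAltName entries.
name_matches() {
    pat=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    name=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$pat" in
        '*.'*)
            suffix=${pat#'*'}                 # e.g. ".ethornetworks.com"
            label=${name%"$suffix"}           # what the wildcard stands for
            [ "$label" != "$name" ] || return 1
            case "$label" in ''|*.*) return 1 ;; esac
            return 0 ;;
        *) [ "$pat" = "$name" ] ;;
    esac
}

# Leaf CN for host $1 on port 443, with SNI ($2 = sni) or without it.
# -noservername needs OpenSSL 1.1.1+, where s_client sends SNI by default.
probe_cn() {
    if [ "$2" = sni ]; then
        openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null | leaf_cn
    else
        openssl s_client -connect "$1:443" -noservername </dev/null 2>/dev/null | leaf_cn
    fi
}

# Live check (needs network): report what each handshake returns.
compare_sni() {
    with=$(probe_cn "$1" sni); without=$(probe_cn "$1" nosni)
    printf 'with SNI:    %s\nwithout SNI: %s\n' "$with" "$without"
    name_matches "$with" "$1" || echo "certificate sent with SNI does not cover $1"
    [ "$with" = "$without" ] || echo "server picks the certificate by SNI; use -servername"
}

cn=$(printf '%s\n' "$SAMPLE" | leaf_cn)       # offline run on the sample
for h in www.ethornetworks.com apitest.ethormapp.com; do
    if name_matches "$cn" "$h"; then echo "$h: covered by $cn"; else echo "$h: NOT covered by $cn"; fi
done
```

Run `compare_sni <host>` against a live server to see whether the default virtual host and the SNI-selected one present different certificates.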