Oh, I understand.
Now I run openssl s_client -connect apple-pay-gateway-nc-pod5.apple.com:443 -servername apple-pay-gateway-nc-pod5.apple.com
Got
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = "DigiCert, Inc.", OU = www.digicert.com, CN = DigiCert Global CA-3 G2
verify return:1
depth=0 businessCategory = Private Organization, jurisdictionC = US, jurisdictionST = California, serialNumber = C0806592, C = US, ST = California, L = Cupertino, O = Apple Inc., OU = GNCS Traffic Management, CN = apple-pay-gateway.apple.com
verify return:1
140711956099520:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1528:SSL alert number 40
---
Certificate chain
0 s:businessCategory = Private Organization, jurisdictionC = US, jurisdictionST = California, serialNumber = C0806592, C = US, ST = California, L = Cupertino, O = Apple Inc., OU = GNCS Traffic Management, CN = apple-pay-gateway.apple.com
i:C = US, O = "DigiCert, Inc.", OU = www.digicert.com, CN = DigiCert Global CA-3 G2
1 s:C = US, O = "DigiCert, Inc.", OU = www.digicert.com, CN = DigiCert Global CA-3 G2
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
---
Server certificate
-----BEGIN CERTIFICATE-----
MIINSDCCDDCgAwIBAgIQA8lppyXTVrDcMOGlTTKakDANBgkqhkiG9w0BAQsFADBj
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xGTAXBgNVBAsT
EHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBDQS0z
IEcyMB4XDTIwMDIyMDAwMDAwMFoXDTIxMDIxOTEyMDAwMFowgfcxHTAbBgNVBA8M
FFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRswGQYL
KwYBBAGCNzwCAQITCkNhbGlmb3JuaWExETAPBgNVBAUTCEMwODA2NTkyMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJQ3VwZXJ0aW5v
MRMwEQYDVQQKEwpBcHBsZSBJbmMuMSAwHgYDVQQLExdHTkNTIFRyYWZmaWMgTWFu
YWdlbWVudDEkMCIGA1UEAxMbYXBwbGUtcGF5LWdhdGV3YXkuYXBwbGUuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomWXrH2PbEjmPI0/eW3o1XjL
pLxXQLFCNW1+NuwOD8zEH0FHsE1gNrca6vj0+aLxVFmiT3zMDf4ZYqKS0dPASKAY
qvsT6QbUXcbELO3Ka9CZgVQrFdLkVUf7qXB3iSC3DRYTque+7w1zFJF4kN0JjzKY
s/FHng9pzTdsm/3pA7ubX2TKgPab89QVDzRZp8/odZGcGlrvdWYM4Qq3wuu0eZXR
ctPtFHA09FIY+LjuaRLViMDSKG6YuuaxccQfm7YjcQJc5zH/W+tL+4VUT06L5GmN
oCLjzXbWD2R1SmdJ1TBKgbmKr0XrqAUX1c9hZfGAIyDwAekEM2TzndqYY8pRSQID
AQABo4IJYTCCCV0wHwYDVR0jBBgwFoAUm2b1dH/LXQ6vGq5QagErxYSmVMYwHQYD
VR0OBBYEFCvC1Ey5ljpQTSPo5l8VqhcT8pMeMIIFoQYDVR0RBIIFmDCCBZSCHmFw
cGxlLXBheS1nYXRld2F5LW5jLmFwcGxlLmNvbYIeYXBwbGUtcGF5LWdhdGV3YXkt
cHIuYXBwbGUuY29tgiJhcHBsZS1wYXktZ2F0ZXdheS1uYy1wb2QuYXBwbGUuY29t
giJhcHBsZS1wYXktZ2F0ZXdheS1wci1wb2QuYXBwbGUuY29tgiNhcHBsZS1wYXkt
Z2F0ZXdheS1uYy1wb2QxLmFwcGxlLmNvbYIjYXBwbGUtcGF5LWdhdGV3YXktbmMt
cG9kMi5hcHBsZS5jb22CI2FwcGxlLXBheS1nYXRld2F5LW5jLXBvZDMuYXBwbGUu
Y29tgiNhcHBsZS1wYXktZ2F0ZXdheS1uYy1wb2Q0LmFwcGxlLmNvbYIjYXBwbGUt
cGF5LWdhdGV3YXktbmMtcG9kNS5hcHBsZS5jb22CI2FwcGxlLXBheS1nYXRld2F5
LXByLXBvZDEuYXBwbGUuY29tgiNhcHBsZS1wYXktZ2F0ZXdheS1wci1wb2QyLmFw
cGxlLmNvbYIjYXBwbGUtcGF5LWdhdGV3YXktcHItcG9kMy5hcHBsZS5jb22CI2Fw
cGxlLXBheS1nYXRld2F5LXByLXBvZDQuYXBwbGUuY29tgiNhcHBsZS1wYXktZ2F0
ZXdheS1wci1wb2Q1LmFwcGxlLmNvbYIeY24tYXBwbGUtcGF5LWdhdGV3YXkuYXBw
bGUuY29tgiVjbi1hcHBsZS1wYXktZ2F0ZXdheS1zaC1wb2QuYXBwbGUuY29tgiZj
bi1hcHBsZS1wYXktZ2F0ZXdheS1zaC1wb2QxLmFwcGxlLmNvbYImY24tYXBwbGUt
cGF5LWdhdGV3YXktc2gtcG9kMi5hcHBsZS5jb22CJmNuLWFwcGxlLXBheS1nYXRl
d2F5LXNoLXBvZDMuYXBwbGUuY29tgiZjbi1hcHBsZS1wYXktZ2F0ZXdheS10ai1w
b2QxLmFwcGxlLmNvbYImY24tYXBwbGUtcGF5LWdhdGV3YXktdGotcG9kMi5hcHBs
ZS5jb22CJmNuLWFwcGxlLXBheS1nYXRld2F5LXRqLXBvZDMuYXBwbGUuY29tgiZj
bi1hcHBsZS1wYXktZ2F0ZXdheS1uYy1wb2QxLmFwcGxlLmNvbYImY24tYXBwbGUt
cGF5LWdhdGV3YXktbmMtcG9kMi5hcHBsZS5jb22CJmNuLWFwcGxlLXBheS1nYXRl
d2F5LW5jLXBvZDMuYXBwbGUuY29tgiZjbi1hcHBsZS1wYXktZ2F0ZXdheS1uYy1w
b2Q0LmFwcGxlLmNvbYImY24tYXBwbGUtcGF5LWdhdGV3YXktbmMtcG9kNS5hcHBs
ZS5jb22CJmNuLWFwcGxlLXBheS1nYXRld2F5LXByLXBvZDEuYXBwbGUuY29tgiZj
bi1hcHBsZS1wYXktZ2F0ZXdheS1wci1wb2QyLmFwcGxlLmNvbYImY24tYXBwbGUt
cGF5LWdhdGV3YXktcHItcG9kMy5hcHBsZS5jb22CJmNuLWFwcGxlLXBheS1nYXRl
d2F5LXByLXBvZDQuYXBwbGUuY29tgiNhcHBsZS1wYXktZ2F0ZXdheS1zaC1wb2Qx
LmFwcGxlLmNvbYIjYXBwbGUtcGF5LWdhdGV3YXktc2gtcG9kMi5hcHBsZS5jb22C
I2FwcGxlLXBheS1nYXRld2F5LXNoLXBvZDMuYXBwbGUuY29tgiNhcHBsZS1wYXkt
Z2F0ZXdheS10ai1wb2QxLmFwcGxlLmNvbYIjYXBwbGUtcGF5LWdhdGV3YXktdGot
cG9kMi5hcHBsZS5jb22CI2FwcGxlLXBheS1nYXRld2F5LXRqLXBvZDMuYXBwbGUu
Y29tghthcHBsZS1wYXktZ2F0ZXdheS5hcHBsZS5jb20wDgYDVR0PAQH/BAQDAgWg
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB7BgNVHR8EdDByMDegNaAz
hjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxDQS0zRzIu
Y3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9i
YWxDQS0zRzIuY3JsMEsGA1UdIAREMEIwNwYJYIZIAYb9bAIBMCowKAYIKwYBBQUH
AgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwBwYFZ4EMAQEwdgYIKwYB
BQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20w
QAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2Vy
dEdsb2JhbENBLTNHMi5jcnQwCQYDVR0TBAIwADCCAfgGCisGAQQB1nkCBAIEggHo
BIIB5AHiAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFwZOdP
xwAABAMASDBGAiEApEpt8ns7d347mJuhlMK+gxo8ZSWiqhvUxcvMxlaBQmMCIQDw
ulSpUeKCH45kLYEZBvvN7gT1Bs/dK78CiT8X2uyvywB1AFzcQ5L+5qtFRLFemtRW
5hA3+9X6R9yhc5SyXub2xw7KAAABcGTnUA4AAAQDAEYwRAIgSH8mKrOQ8enCIwpt
W7q/Sv5oe/eviO51sfN0kEjOmTQCIA7N4ZTpR1IjV4xQnRt2SqxGTty2Y4qwvBIi
bN4HWqdpAHcAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFwZOdR
4gAABAMASDBGAiEA0EZYoE4OWh/WEpu2c67+9PHp/Mv47m+NGnO2OgFcq/gCIQDI
Lo8EWPpgaA0c1oVN1wW+LeDNGGk/OUWJBEPeNsIFNwB3AKS5CZC0GFgUh7sTosxn
cAo8NZgE+RvfuON3zQ7IDdwQAAABcGTnUvgAAAQDAEgwRgIhAJr7MrrNa6w+t2U+
qdnD6NWPSZ9pfkhFtVs16bxge8HMAiEA6TIWI5rNKQ4Kcscy5pse4YXYsB5nyuIj
kuMbRF428B0wDQYJKoZIhvcNAQELBQADggEBAFn0cJDttFzT07t1AnLICf/W9MsZ
Qaf8RPwAUD5w0mCvUYv0v3e8G2YP3fp8Fm0dSrrfvqvdPANxlBzbscthHa0BKvDN
4BbN92qeqPdJUSmFu/m9+pp0LL5tknkql5rrdDrzt5185UM/XjXbflx5g0PLiibO
74V8DUf74OsAoI8vlS7sElRp/dz02A9z0QN7l35H3bcvbaG/nyOV0NKdaLiKR501
z868HI2Im5z5oeY/woIkugZmYJyczi5j+nhUOVQBLdywMaGTf1j90ZmyBCRolbAJ
/sUHZATqDR0/c+vEWdYNaIvQmoKrrmeJW6shO7Xa8BNVaXqqf4Sf5rtgsyI=
-----END CERTIFICATE-----
subject=businessCategory = Private Organization, jurisdictionC = US, jurisdictionST = California, serialNumber = C0806592, C = US, ST = California, L = Cupertino, O = Apple Inc., OU = GNCS Traffic Management, CN = apple-pay-gateway.apple.com
issuer=C = US, O = "DigiCert, Inc.", OU = www.digicert.com, CN = DigiCert Global CA-3 G2
---
Acceptable client certificate CA names
C = US, O = Apple Inc., OU = Apple Worldwide Developer Relations, CN = Apple Worldwide Developer Relations Certification Authority
CN = Apple Corporate Root CA, OU = Certification Authority, O = Apple Inc., C = US
CN = Apple Corporate External Authentication CA 1, OU = Certification Authority, O = Apple Inc., C = US
C = US, O = Apple Inc., OU = Apple Certification Authority, CN = Apple Root CA
Client Certificate Types: RSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SHA384:ECDSA+SHA384:RSA+SHA256:ECDSA+SHA256:RSA+SHA224:ECDSA+SHA224:RSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SHA384:ECDSA+SHA384:RSA+SHA256:ECDSA+SHA256:RSA+SHA224:ECDSA+SHA224:RSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5565 bytes and written 475 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 8F53B3260155079216848FCA8ED618E51A9BC083A2B8CAD32918FDF2CB9592C3
Session-ID-ctx:
Master-Key: BFD11717632B49D4A861B583FC9E66F0B9420B291E33BA06834E954C9909C5CE2C67C61DBACEF21DB6A27F76CA0867E0
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1588865372
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---