From: | Edward Breen <ebreen(at)wexusapp(dot)com> |
---|---|
To: | Jim Mlodgenski <jimmy76(at)gmail(dot)com> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL WWW <pgsql-www(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Expired cert |
Date: | 2021-11-24 19:38:29 |
Message-ID: | CAFNF7+ZqvqaLCtACL_1baLUZe7jBWwy9eubnFbqp0tEaPK4Ung@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-www |
It appears the issue isn't fully resolved. I still see the expired root
certificate DST Root CA X3 with openssl:
% openssl s_client -connect www.postgresql.org:443 -servername
www.postgresql.org
CONNECTED(00000007)
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
---
Certificate chain
0 s:/CN=www.postgresql.org
i:/C=US/O=Let's Encrypt/CN=R3
1 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Best,
Edward Breen
Software Engineer
Wexus Technologies Inc.
ebreen(at)wexusapp(dot)com
On Wed, Nov 24, 2021 at 11:35 AM Jim Mlodgenski <jimmy76(at)gmail(dot)com> wrote:
> On Fri, Oct 8, 2021 at 11:42 AM Magnus Hagander <magnus(at)hagander(dot)net>
> wrote:
> >
> > More to the point, your client needs a nudge. The certificate has not
> expired, but you are using a version of OpenSSL that's terribly out of
> date. All (or most at least? But I think all) non-EOL distros should do
> that by default if you just apply their updates. See for example
> https://letsencrypt.org/2021/10/01/cert-chaining-help.html and
> https://letsencrypt.org/docs/certificate-compatibility/
> >
> Thanks. I didn't notice the root cert expired last week. Updating
> OpenSSL did the trick.
>
>
>
>
>
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2021-11-24 20:01:33 | Re: Expired cert |
Previous Message | Magnus Hagander | 2021-11-24 14:28:44 | Re: [PATCH] pgarchives: Add pglister section in archives.ini.sample |