| From: | Christoph Moench-Tegeder <cmt(at)burggraben(dot)net> |
|---|---|
| To: | Cedric Rey <cerey(at)groupemutuel(dot)ch> |
| Cc: | "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Certificate validity error download.postgresql.org |
| Date: | 2021-10-14 13:28:37 |
| Message-ID: | YWgwhXVxG4RxP5GV@elch.exwg.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
## Cedric Rey (cerey(at)groupemutuel(dot)ch):
> the certificate on download.postgresql.org has expired :
>
> openssl s_client -connect download.postgresql.org:443
> CONNECTED(00000003)
> depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify error:num=10:certificate has expired
> notAfter=Sep 30 14:01:15 2021 GMT
That's complaining about the "DST Root CA X3" certificate, and that's
(partially) expected: https://letsencrypt.org/2021/10/01/cert-chaining-help.html
But the fact that you're seeing this indicates that you're either
running an horribly outdated version of openssl (as Daniel mentioned),
but even CentOS' "OpenSSL 1.0.2k-fips 26 Jan 2017" has been fixed
in this regard.
The other possibility is that your trusted CA list is outdated: that
would be package ca-certificates (same name in deb and rpm world).
I do know from my own experience that at least the "old" (2020.2.something)
Redhat package is missing the new "ISRG Root X1" certificate, you'll
need version 2021.2.something.
Regards,
Christoph
--
Spare Space
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Metin Ulusinan | 2021-10-14 13:42:23 | Re: Fault with initcap |
| Previous Message | Daniel Gustafsson | 2021-10-14 13:00:51 | Re: Certificate validity error download.postgresql.org |