public inbox for [email protected]  
From: Tom Lane <[email protected]>
To: Edward Breen <[email protected]>
Cc: Jim Mlodgenski <[email protected]>
Cc: Magnus Hagander <[email protected]>
Cc: PostgreSQL WWW <[email protected]>
Subject: Re: Expired cert
Date: Wed, 24 Nov 2021 15:01:33 -0500
Message-ID: <[email protected]>
In-Reply-To: <CAFNF7+ZqvqaLCtACL_1baLUZe7jBWwy9eubnFbqp0tEaPK4Ung@mail.gmail.com>
References: <CAB_5SReU8qC80UYd6GmWNxi5tJCJvJ_FUUnVq-S5VpB8aULDaA@mail.gmail.com>
	<CABUevEz8C2Kx14Rf0hfDAnBVwHkcxnp0a6SC1znM5ZLUScFeQA@mail.gmail.com>
	<CAB_5SRf=10RqgTkbz_=wGOfDUNP2yOZ0hKTKtEHCd8RXK7PD3A@mail.gmail.com>
	<CAFNF7+ZqvqaLCtACL_1baLUZe7jBWwy9eubnFbqp0tEaPK4Ung@mail.gmail.com>

Edward Breen <[email protected]> writes:
> It appears the issue isn't fully resolved. I still see the expired root
> certificate DST Root CA X3 with openssl:
> % openssl s_client -connect www.postgresql.org:443 -servername
> www.postgresql.org

This did before, and still does, indicate either an obsolete system trust
store or an obsolete OpenSSL version on your end.  You need to make sure
the "ISRG Root X1" cert is trusted by your machine, and you need to make
sure you're running moderately recent OpenSSL (preferably > 1.0.2).
If the latter is impractical, there are workarounds here:

https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

			regards, tom lane
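
Added example, not part of the original message: a Python check for the two conditions described above (ISRG Root X1 present in the trust store, OpenSSL newer than 1.0.2). The function names, finding strings and sample entries are constructed for illustration, and it inspects the OpenSSL library linked into Python, which may differ from the `openssl` command-line tool.

```python
import os
import ssl
import time

REQUIRED_ROOT = "ISRG Root X1"   # root the message says must be trusted
MIN_EXCLUSIVE = (1, 0, 2)        # message: "preferably > 1.0.2"

# Constructed sample entries in the shape returned by SSLContext.get_ca_certs().
SAMPLE_STALE = [{"subject": ((("commonName", "DST Root CA X3"),),),
                 "notAfter": "Sep 30 14:01:15 2021 GMT"}]
SAMPLE_CURRENT = [{"subject": ((("commonName", "ISRG Root X1"),),),
                   "notAfter": "Jun  4 11:04:38 2035 GMT"}]

def common_name(cert):
    """Return the subject commonName of a get_ca_certs()-style dict, or None."""
    pairs = (pair for rdn in cert.get("subject", ()) for pair in rdn)
    return next((v for k, v in pairs if k == "commonName"), None)

def diagnose(ca_certs, openssl_version_info, now=None):
    """Return findings (empty list = nothing to fix) for a store and version."""
    now = time.time() if now is None else now
    findings = []
    if tuple(openssl_version_info[:3]) <= MIN_EXCLUSIVE:
        findings.append("openssl-too-old")
    expired_by_cn = {}
    for cert in ca_certs:
        cn = common_name(cert)
        if cn:
            expired_by_cn[cn] = ssl.cert_time_to_seconds(cert["notAfter"]) < now
    if REQUIRED_ROOT not in expired_by_cn:
        findings.append("missing-root:" + REQUIRED_ROOT)
    findings += sorted("expired-root:" + cn for cn, old in expired_by_cn.items() if old)
    return findings

def local_ca_certs():
    """Load the default trust store; capath entries are lazy, so force them in."""
    ctx = ssl.create_default_context()
    capath = ssl.get_default_verify_paths().capath
    for name in os.listdir(capath) if capath and os.path.isdir(capath) else []:
        try:
            ctx.load_verify_locations(cafile=os.path.join(capath, name))
        except (ssl.SSLError, OSError):
            pass  # not a PEM certificate file
    return ctx.get_ca_certs()

if __name__ == "__main__":
    # Reports on the OpenSSL linked into Python, which may differ from the CLI.
    print(ssl.OPENSSL_VERSION, diagnose(local_ca_certs(), ssl.OPENSSL_VERSION_INFO))
```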