public inbox for [email protected]  
From: Edward Breen <[email protected]>
To: Jim Mlodgenski <[email protected]>
Cc: Magnus Hagander <[email protected]>
Cc: PostgreSQL WWW <[email protected]>
Subject: Re: Expired cert
Date: Wed, 24 Nov 2021 11:38:29 -0800
Message-ID: <CAFNF7+ZqvqaLCtACL_1baLUZe7jBWwy9eubnFbqp0tEaPK4Ung@mail.gmail.com>
In-Reply-To: <CAB_5SRf=10RqgTkbz_=wGOfDUNP2yOZ0hKTKtEHCd8RXK7PD3A@mail.gmail.com>
References: <CAB_5SReU8qC80UYd6GmWNxi5tJCJvJ_FUUnVq-S5VpB8aULDaA@mail.gmail.com>
	<CABUevEz8C2Kx14Rf0hfDAnBVwHkcxnp0a6SC1znM5ZLUScFeQA@mail.gmail.com>
	<CAB_5SRf=10RqgTkbz_=wGOfDUNP2yOZ0hKTKtEHCd8RXK7PD3A@mail.gmail.com>

It appears the issue isn't fully resolved. I still see the expired root
certificate DST Root CA X3 with openssl:

% openssl s_client -connect www.postgresql.org:443 -servername www.postgresql.org

CONNECTED(00000007)
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
---
Certificate chain
 0 s:/CN=www.postgresql.org
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---

Best,
Edward Breen
Software Engineer
Wexus Technologies Inc.
[email protected]


On Wed, Nov 24, 2021 at 11:35 AM Jim Mlodgenski <[email protected]> wrote:

> On Fri, Oct 8, 2021 at 11:42 AM Magnus Hagander <[email protected]> wrote:
> >
> > More to the point, your client needs a nudge.  The certificate has not
> > expired, but you are using a version of OpenSSL that's terribly out of
> > date. All (or most at least? But I think all) non-EOL distros should do
> > that by default if you just apply their updates. See for example
> > https://letsencrypt.org/2021/10/01/cert-chaining-help.html and
> > https://letsencrypt.org/docs/certificate-compatibility/
> >
> Thanks. I didn't notice the root cert expired last week. Updating
> OpenSSL did the trick.
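
The following Python example is added here and is not part of the original message or of any project code: it parses `openssl s_client` output like the one quoted above and separates the certificates the server sent from expired names that appear only in the verify errors. The function names and the abridged sample are constructed for illustration.

```python
import re

# Constructed sample: s_client lines copied (abridged) from the message above.
SAMPLE = """\
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
---
Certificate chain
 0 s:/CN=www.postgresql.org
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
"""

ERR_RE = re.compile(
    r"^depth=\d+ (.+)\nverify error:num=(\d+):(.+)\n(?:notAfter=(.+)\n)?", re.M)
CHAIN_RE = re.compile(r"^ *(\d+) s:(.+)\n +i:(.+)$", re.M)

def cn(name):
    """Common name from either 'O = x, CN = y' or '/O=x/CN=y' notation."""
    m = re.search(r"CN\s*=\s*([^,/]+)", name)
    return m.group(1).strip() if m else name.strip()

def served_chain(text):
    """(index, subject CN, issuer CN) for each certificate the server sent."""
    return [(int(i), cn(s), cn(iss)) for i, s, iss in CHAIN_RE.findall(text)]

def expired_names(text):
    """CN -> notAfter for each 'num=10' (certificate has expired) verify error."""
    return {cn(n): na for n, num, _, na in ERR_RE.findall(text) if num == "10"}

def diagnose(text):
    chain, expired = served_chain(text), expired_names(text)
    sent = {subj for _, subj, _ in chain}
    return {
        # Certificates the server sent that themselves fail the expiry check.
        "served_and_expired": sorted(expired.keys() & sent),
        # Expired names the server did not send, so the client supplied them locally.
        "expired_from_local_store": sorted(expired.keys() - sent),
        # Served certificates issued by an expired name (the cross-sign link).
        "links_to_expired": [subj for _, subj, iss in chain if iss in expired],
    }
```

On the sample, `diagnose(SAMPLE)` reports no served certificate as expired, lists `DST Root CA X3` as coming from the client side, and names `ISRG Root X1` as the served certificate that links to it.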

