problem with fetch and SSL/TLS certificates

Miroslav Lachman 000.fbsd at quip.cz
Thu Sep 30 23:50:48 CEST 2021


On 30/09/2021 23:32, Miroslav Lachman wrote:

> Certificate verification failed for /O=Digital Signature Trust 
> Co./CN=DST Root CA X3
> 34374359624:error:14090086:SSL 
> routines:ssl3_get_server_certificate:certificate verify 
> failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:

[...]

> I can't really think of anything else to try to make fetch on FreeBSD 11.2 
> with ca_root_nss-3.63 able to download a file from a web server with a 
> current Let's Encrypt certificate.

Ask a question and answer it yourself :)

It is probably this problem with the old OpenSSL 1.0:

https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

https://community.letsencrypt.org/t/openssl-client-compatibility-changes-for-let-s-encrypt-certificates/143816

Last month, we announced that we've developed a way for Let's Encrypt 
subscribers to keep supporting older Android devices after our 
cross-signature from DST Root CA X3 expires this September.

There is one notable exception: OpenSSL versions 1.0.0 through 1.0.2 
will reject the Android-compatible chain, regardless of whether they 
have ISRG Root X1 in their trust store.

So my only option would be to use a different chain on the web server and 
thereby cut off devices with the old Android 7.1.0.

Or I can use --no-verify-peer for this particular case.

Mirek

