Re: Expired cert - Mailing list pgsql-www

From Edward Breen
Subject Re: Expired cert
Date
Msg-id CAFNF7+ZqvqaLCtACL_1baLUZe7jBWwy9eubnFbqp0tEaPK4Ung@mail.gmail.com
In response to Re: Expired cert  (Jim Mlodgenski <jimmy76@gmail.com>)
Responses Re: Expired cert  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-www
It appears the issue isn't fully resolved. I still see the expired root certificate DST Root CA X3 with openssl:

% openssl s_client -connect www.postgresql.org:443 -servername www.postgresql.org

CONNECTED(00000007)
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
---
Certificate chain
 0 s:/CN=www.postgresql.org
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---

Best,
Edward Breen
Software Engineer
Wexus Technologies Inc.


On Wed, Nov 24, 2021 at 11:35 AM Jim Mlodgenski <jimmy76@gmail.com> wrote:
On Fri, Oct 8, 2021 at 11:42 AM Magnus Hagander <magnus@hagander.net> wrote:
>
> More to the point, your client needs a nudge.  The certificate has not expired, but you are using a version of OpenSSL that's terribly out of date. All (or most at least? But I think all) non-EOL distros should do that by default if you just apply their updates. See for example https://letsencrypt.org/2021/10/01/cert-chaining-help.html and https://letsencrypt.org/docs/certificate-compatibility/
>
Thanks. I didn't notice the root cert expired last week. Updating
OpenSSL did the trick.
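
Added example, not part of the thread: a small Python triage helper for `openssl s_client` output like the transcript above. It separates an expired site certificate (depth 0) from the case in this thread, where the expired certificate was never sent by the server and appears only as the issuer of the cross-signed top of the chain. The function names and result labels are assumptions made for this example.

```python
import re

# s_client lines copied from the message above (the repeated depth=1 entry is omitted).
SAMPLE = """\
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
Certificate chain
 0 s:/CN=www.postgresql.org
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
"""

def cn(dn):
    # Common name from either DN style openssl prints (", CN = x" or "/CN=x").
    m = re.search(r"CN\s*=\s*([^,/]+)", dn)
    return m.group(1).strip() if m else dn.strip()

def parse(text):
    """Return (expired, chain): expired = {(depth, CN)}, chain = [(subject, issuer)]."""
    expired, chain, depth, subject = set(), [], None, None
    for line in text.splitlines():
        if m := re.match(r"depth=(\d+)\s+(.*)", line):
            depth = (int(m.group(1)), cn(m.group(2)))
        elif line.startswith("verify error:num=10:") and depth:  # 10 = expired
            expired.add(depth)
        elif m := re.match(r"\s*\d+\s+s:(.*)", line):
            subject = cn(m.group(1))
        elif (m := re.match(r"\s*i:(.*)", line)) and subject:
            chain.append((subject, cn(m.group(1))))
            subject = None
    return expired, chain

def diagnose(text):
    expired, chain = parse(text)
    if not expired:
        return "no-expiry-error"
    if any(d == 0 for d, _ in expired):
        return "leaf-expired"  # the site's own certificate is out of date
    names = {name for _, name in expired}
    served = {subj for subj, _ in chain}
    if chain and chain[-1][1] in names and not names & served:
        # Expired cert is only the issuer of the served chain's top: client-side path choice.
        return "client-chose-expired-root"
    return "served-chain-cert-expired"
```

For the transcript above, `diagnose(SAMPLE)` returns `"client-chose-expired-root"`, which matches the quoted advice that the client's OpenSSL, not the site certificate, needs attention.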



