It's been a few months since I last checked in on my nntp
account with eternal-september, but TB is reporting that there
is a certif problem:
https://susepaste.org/24549546
It seems to look fine in the sense that the dates are still
good.
But is there a way to update the certif and be able to log in?
Maybe you can remove DST X3 from your trust chain (since it is expired)
and add the self signed let's encrypt certificate from here:
https://letsencrypt.org/certificates/
More information about the issue here:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
The info and reason is all good, but I need a step-by-step
intruction on how to work with certifs. I downloaded what I
though was a required replacement/updated certif [Cross-signed
by DST Root CA X3] from one of the above links, but it prompted
me for a password to proceed with the installation.
Meanwhile, I learned that OpenXP doesn't care about any
certifs, and I can fetch my eternal-september messages with
that. I don't need to use TB at all. But it wold be nice to
fix the certif problem.
You need the self-signed certificate, not the cross-signed
one, since the cross-signed one is using an old, expired
trust chain.
I am sure there are ten thousand guides floating around the internet regarding certificate updateing. Most Linux and BSDs around got the
problem fixed via a regular update.
Self-signed: der, pem, txt
Self-signed: der, pem, txt
Hello Arelor!
** On Saturday 16.10.21 - 06:31, Arelor wrote to Ogg:
You need the self-signed certificate, not the cross-signed
one, since the cross-signed one is using an old, expired
trust chain.
I installed both self0signed ones, and I did that in XP and TB.
Still doesn't work.
I am sure there are ten thousand guides floating around the internet regarding certificate updateing. Most Linux and BSDs around got the problem fixed via a regular update.
I know how to go through the "install certif" process in XP and
TB. But, these marked "==>" are not making any difference:
Active
ISRG Root X1 (RSA 4096, O = Internet Security Research Group, CN = ISRG Root X1)
Self-signed: der, pem, txt
Active, limited availability
ISRG Root X2 (ECDSA P-384, O = Internet Security Research Group, CN = IS Root X2)
Self-signed: der, pem, txt
You need the self-signed certificate, not the cross-signed
one, since the cross-signed one is using an old, expired
trust chain.
Hello Arelor!
** On Saturday 16.10.21 - 06:31, Arelor wrote to Ogg:
You need the self-signed certificate, not the cross-signed
one, since the cross-signed one is using an old, expired
trust chain.
Just a little followup.. I tried their "test" links below:
ISRG Root X1
Valid <== this one worked OK
Revoked <== this one loaded properly with "revoked"
Expired <== this wouldn't load.
ISRG Root X2
Valid <== this one worked OK
Revoked <== this one loaded with a "revoked" page.
Expired <== this one wouldn't load.
So.. the certifs are probably installed fine in system/browser
program?
Now, only TB's mail system is still complaining about
invalidity. :(
You also have to manually remove the expired DST X3 one.
Hello Arelor!
** On Sunday 17.10.21 - 05:55, Arelor wrote to Ogg:
You also have to manually remove the expired DST X3 one.
Ah.. That I haven't done.
But I didn't see any "LetsEncrypt" certifs in the list of
certifs.
Sysop: | Chris Crash |
---|---|
Location: | Huntington Beach, CA. |
Users: | 585 |
Nodes: | 8 (0 / 8) |
Uptime: | 26:21:53 |
Calls: | 10,757 |
Files: | 5 |
Messages: | 452,122 |