I can bundle the new cert and make a new blink package. Just double checking, where is the authoritative source for the replaced CA file?
> On 4 Nov 2021, at 16:07, g4-l...@tonarchiv.ch wrote: > > On 04.11.21 20:04, Lars Noodén wrote: >> On 11/4/21 20:51, g4-l...@tonarchiv.ch wrote: >>> >>> >>> Maybe you can just add the content of >>> /usr/local/share/ca-certificates/lets-encrypt-r3.crt to the end of this >>> file... >>> >>> Not sure if you also need some header before the -----BEGIN >>> CERTIFICATE----- line... >>> >>> This would be something like: >>> >>> # Lets' Encrypt >>> # Issuer: C = US, O = Internet Security Research Group, CN = ISRG >>> Root X1 >>> # Subject: C = US, O = Let's Encrypt, CN = R3 >>> >>> The X3 cert of Let's Encrypt in my /usr/share/blink/tls/ca.crt is >>> definitely outdated. >>> >>> You should probably delete the last smaller block of the two, >>> starting with >>> >>> -----BEGIN CERTIFICATE----- >>> MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/ >>> >>> But make a backup of /usr/share/blink/tls/ca.crt first! >> >> Thanks! I made a back up of ca.crt, removed the last certificate, and >> then appended lets-encrypt-r3.crt to the file. That has gotten rid of >> the error. I can now dial out. >> >> I had previously tried reinstalling Blink so maybe the new certificate >> needs to be packaged? >> > Glad to hear that it solved the problem! > > Yes, this CRT file is outdated, at least in the latest deb package for > Focal... > > _______________________________________________ > Blink mailing list > Blink@lists.ag-projects.com > https://lists.ag-projects.com/mailman/listinfo/blink _______________________________________________ Blink mailing list Blink@lists.ag-projects.com https://lists.ag-projects.com/mailman/listinfo/blink
