On Fri, Oct 1, 2021 at 9:34 PM Rich Pieri <[email protected]> wrote:
> contains several expired CA certs including the now expired > *DST Root CA X3 certificate. * > This can cause problems with Let's Encrypt certificates > even though the bundle has the ISRG Root X1 CA cert. *Let's Encrypt *had posted notice of this oncoming chain-change back in March & April, their changes to support this effective in May. https://community.letsencrypt.org/t/production-chain-changes/150739 & https://community.letsencrypt.org/t/providing-a-longer-certificate-chain-by-default/148738 > In my particular > case, Sylpheed thinks my Let's Encrypt cert is expired even though > it clearly is not. Might be a Sylpheed bug. > Wouldn't be the first to fail to check an alternate chain correctly. Likely won't be the last either *sigh* (Gotta have test cases for the edgecases !) *SANS Internet Storm Center* covered this pending doom in the daily podcast for Tuesday Sep 28th (eps 7690). https://isc.sans.edu/podcastdetail.html?id=7690 *should* show you the notes for eps. 7690 (but the web app is going to Friday now, and PREVIOUS just loops, oopsie; but the link they provided is pasted above, i got it from the RSS feed for you.) https://traffic.libsyn.com/securitypodcast/7690.mp3 _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
