Hi,
Users of older Apple OSes that are no longer receiving updates probably noticed
that Safari and Chrome-based browsers no longer connect to lots of sites
because a crucial root certificate has expired.
Answer 1 to
You're (probably - seems plausible but I haven't verified it myself) right that
that's annoying and fixable.
But there's a big reason to think carefully about whether to do that. If
something is old enough that it isn't receiving certificate updates, it
probably isn't receiving security
I don't know what to think about MacPorts, specifically, providing
new certificates, but, pertaining to some of the arguments presented
against doing this on old Macs generally, it must be kept in mind
that some of us -- including yours truly -- have Apple computers that
CANNOT use newer
As a user who spent a week trying to figure out what was going on with more and
more sites not working, making less of the information out there available to
figure out how to solve the expired cert, it was really painful to find out
that this was "known in advance", and worse, this implies
I have VMs of a couple of old macOS / OS X versions, because I want continued
access to the features that have been removed in more recent versions (32-bit
user land support in Mojave, ability to run PowerPC apps and executables in
Snow Leopard).
But the old machine that ran Snow Leopard is
> On Oct 29, 2021, at 12:02, Michael wrote:
>
> As a user who spent a week trying to figure out what was going on with more
> and more sites not working, making less of the information out there
> available to figure out how to solve the expired cert, it was really painful
> to find out
On 2021-10-29 at 07:23:38 UTC-0400 (Fri, 29 Oct 2021 07:23:38 -0400)
Richard L. Hamilton
is rumored to have said:
You're (probably - seems plausible but I haven't verified it myself)
right that that's annoying and fixable.
But there's a big reason to think carefully about whether to do that.
TBH, there is no need to download the entire package of root certs from a new
version of macOS. Installing the updated root certificate you need should be
enough. For the case of the expired intermediate certificate of Letsencrypt
(that causes most of the problems in my personal experience)
On 2021-10-29 at 11:17:52 UTC-0400 (Fri, 29 Oct 2021 11:17:52 -0400
(EDT))
Richard Bonomo TDS personal
is rumored to have said:
I don't know what to think about MacPorts, specifically, providing
new certificates, but, pertaining to some of the arguments presented
against doing this on old
Neither does Osborne Computer Corporation. :-) But that's a hobby, and doesn't
have connectivity issues anyway. But I don't run the browser on my Sun
workstation, either (an ancient version of Firefox, I think; I may still have
Mosaic on there, but that's so old it's just plain useless).
FWIW,
> On 29 Oct 2021, at 4:17 pm, Richard Bonomo TDS personal
> wrote:
>
>
> I don't know what to think about MacPorts, specifically, providing
> new certificates, but, pertaining to some of the arguments presented
> against doing this on old Macs generally, it must be kept in mind
> that some
Well, some of us are reasonably competent in managing risk, but cannot afford
to be buying new computers.
So the Apples I have, or are on loan to me, have to be kept going.
On a more pathologic level, I am also in possession (extended load) of a µVAX
workstation that I should try
to get
On Fri, 29 Oct 2021, Bill Cole wrote:
Yes: Anyone running Mojave or earlier is not exactly skydiving without a
parachute, but is doing something close. Perhaps it's akin to skydiving
with a homemade parachute...
Well, my ancient MacBook Pro is stuck on High Sierra; then again I'm
careful
> On 30 Oct 2021, at 12:02 am, Richard L. Hamilton wrote:
>
> I have VMs of a couple of old macOS / OS X versions, because I want continued
> access to the features that have been removed in more recent versions (32-bit
> user land support in Mojave, ability to run PowerPC apps and
> ANY "modern", "secure" OS is an inherent time-death, for no good reason.
Yes they are, but for good reasons.
People discover vulnerabilities and patch them. Unpatched systems are
vulnerable. This happens for all sorts of technical issues, especially PKI. For
example,
Analysis of SSL
So I found this advice online for updating certs without having to worry about
trusting expired old certs.
1. Visit https://letsencrypt.org/certs/isrgrootx1.pem to download the
certificate, and save it in the Documents folder.
2. Open Terminal, paste this command, and press enter:
sudo
16 matches
Mail list logo
