[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

** Changed in: ca-certificates (Debian) Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1944481 Title: Distrust "DST Root CA

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

** No longer affects: ca-certificates (Fluxbuntu) ** Also affects: ca-certificates (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995432 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

** Bug watch added: Debian Bug tracker #995432 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995432 ** Also affects: ca-certificates (Fluxbuntu) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995432 Importance: Unknown Status: Unknown -- You received this bug

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

This bug was fixed in the package ca-certificates - 20210119ubuntu1 --- ca-certificates (20210119ubuntu1) impish; urgency=medium [ Dimitri John Ledkov ] * mozilla/blacklist.txt: blacklist expired "DST Root CA X3". (LP: #1944481) -- Marc Deslauriers Wed, 22 Sep 2021

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

You can find older packages on the "full publishing history" from launchpad: https://launchpad.net/ubuntu/+source/ca-certificates/+publishinghistory You can either download it manually or use the pull-lp-debs(1) command from the ubuntu-dev-tools package. Thanks -- You received this bug

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

Yes, I'm running into the issue above, where a windows server is not correctly serving the new certificate chain (which means it's going to fail for everyone else on Sept 30th.) Windows server might need an update or might need to be rebooted.

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

@jsing You may well be correct that the server was incorrectly configured, unfortunately it was a Windows server managed by a third party and I don't know precisely how it was set up. Given that the cert in question was issued on 9th September 2021 I suspect it was a misconfiguration of their

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

@mattjones86 that does not seem expected - Let's Encrypt have been issuing certificate from their R3 intermediate since December 2021 (https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018) and have been supplying two intermediates (an Let's Encrypt R3 to ISRG Root X1 and a Let's

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

I ran into an SSL verification issue today, caused by this change. It seems that some older LetsEncrypt clients have still recently been issuing valid certificates signed by the DST Root CA X3 root. These certificates would have otherwise continued to work normally until the root expired

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

** Information type changed from Private Security to Public ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

** Changed in: ca-certificates (Ubuntu Impish) Status: New => Fix Committed ** Changed in: ca-certificates (Ubuntu Trusty) Status: New => Fix Released ** Changed in: ca-certificates (Ubuntu Xenial) Status: New => Fix Released -- You received this bug notification because

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1944481 Title: Distrust "DST Root CA X3" Status in ca-certificates package in Ubuntu: New

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

This bug was fixed in the package ca-certificates - 20210119ubuntu0.21.04.1 --- ca-certificates (20210119ubuntu0.21.04.1) hirsute-security; urgency=medium [ Dimitri John Ledkov ] * mozilla/blacklist.txt: blacklist expired "DST Root CA X3". (LP: #1944481) -- Marc Deslauriers

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

This bug was fixed in the package ca-certificates - 20210119~18.04.2 --- ca-certificates (20210119~18.04.2) bionic-security; urgency=medium [ Dimitri John Ledkov ] * mozilla/blacklist.txt: blacklist expired "DST Root CA X3". (LP: #1944481) -- Marc Deslauriers Wed, 22 Sep

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

This bug was fixed in the package ca-certificates - 20210119~20.04.2 --- ca-certificates (20210119~20.04.2) focal-security; urgency=medium [ Dimitri John Ledkov ] * mozilla/blacklist.txt: blacklist expired "DST Root CA X3". (LP: #1944481) -- Marc Deslauriers Wed, 22 Sep

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

** Information type changed from Private Security to Public Security ** Also affects: ca-certificates (Ubuntu Impish) Importance: Undecided Status: New ** Also affects: ca-certificates (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: ca-certificates (Ubuntu