I posted a reply noting it’s not clear from the GitHub issue whether they were trying to contact the HKPS pool or trying to access the non-HKPS pool with SSL. In the linked Endeavour thread, Ben mentions:

It appears to be an error with the SSL certificate of pool.sks-keyservers.net <http://pool.sks-keyservers.net/>. The server is providing a certificate for pgp.ocf.berkeley.edu.

EDIT: The certificate is also expired.

That will never work, because pool.sks-keyservers.net <http://pool.sks-keyservers.net/> only supports unencrypted connections when using the CNAME. Going to an individual server in the pool and trying to use HKPS/HTTPS (e.g. hkps://pgp.ocf.berkeley.edu) might work on its own, assuming it has a publicly trusted SSL certificate configured.

And unless the OCF keyserver admins had to intervene and manually update it, it looks like their Let’s Encrypt SSL certificate should have been valid 5 days ago when that thread was created, as it was minted over a month prior on June 23, 2020.

-T

> On Aug 2, 2020, at 22:33, ygrek <yg...@autistici.org> wrote:
>
> Hi,
>
> there was a report of expired certificate:
> https://github.com/SKS-Keyserver/sks-keyserver/issues/81
>
> --
>