A client had Digium phones that hated the expired part of the cert as well. Had to hack out the cross-signing to make them happy.
On Fri, Oct 8, 2021 at 12:49 PM Sergiu Pojoga <[email protected]> wrote: > Like our comrades at APIBAN. Had to patch the CA list on older linux > distros to get this restarted. > > Oct 8 10:20:21 kamailio[8476]: WARNING: http_client [functions.c:308]: > curL_request_url(): TLS server certificate validation error (No valid CA > cert) (url: https://apiban.org/api/...) > > @Fred, all good out there bud? lol > > On Fri, Oct 8, 2021 at 12:30 PM Maxim Sobolev <[email protected]> > wrote: > >> Some of our internal API have started to fail and most of software update >> routines jammed up as a result until we figured out how to cope with that >> issue. >> >> Not the first one and certainly not the last. In general PKI/TLS is by >> design prone to issues like this and I am sad industry has not come up with >> anything better yet to communicate over insecure channels. :( Noise >> protocol certainly holds lots of potential in my view but mills of IETF >> mill slowly, so we are going to be suffering for many years to come I am >> afraid. >> >> -Max >> >> >> On Fri., Oct. 8, 2021, 8:23 a.m. Henning Westerholt, <[email protected]> >> wrote: >> >>> Hello, >>> >>> >>> >>> in total we had three customer incidents (two server related, one client >>> related) because of this, one of them was a major incident. >>> >>> >>> >>> Cheers, >>> >>> >>> >>> Henning >>> >>> >>> >>> -- >>> >>> Henning Westerholt – https://skalatan.de/blog/ >>> >>> Kamailio services – https://gilawa.com >>> >>> >>> >>> >>> >>> >>> >>> *From:* sr-users <[email protected]> *On Behalf Of *Joel >>> Serrano >>> *Sent:* Friday, October 1, 2021 9:05 PM >>> *To:* Kamailio (SER) - Users Mailing List <[email protected]> >>> *Subject:* [SR-Users] Let's Encrypt DST Root CA X3 cert CA expiration >>> 30th/Sept - Any issues? >>> >>> >>> >>> Hello, >>> >>> >>> >>> I'm wondering if anyone had any issues yesterday with the expiration of >>> the DST Root CA X3 cert? >>> >>> >>> >>> Out of all the servers I manage, only a couple were affected (debian 8). >>> They were production servers so we replaced the cert with a different one >>> to solve the issue while we find the root cause. >>> >>> >>> >>> Anyone out there had any issues yesterday because of this? I'm just >>> curious! >>> >>> >>> >>> Joel. >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions >>> * [email protected] >>> Important: keep the mailing list in the recipients, do not reply only to >>> the sender! >>> Edit mailing list options or unsubscribe: >>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> __________________________________________________________ >> Kamailio - Users Mailing List - Non Commercial Discussions >> * [email protected] >> Important: keep the mailing list in the recipients, do not reply only to >> the sender! >> Edit mailing list options or unsubscribe: >> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > * [email protected] > Important: keep the mailing list in the recipients, do not reply only to > the sender! > Edit mailing list options or unsubscribe: > * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
