[Blink] Expired certificate for Ubuntu Focal Repository?
g4-lisz at tonarchiv.ch
g4-lisz at tonarchiv.ch
Tue Nov 2 20:20:50 CET 2021
Same issue here with Focal.
I run update-ca-certificates:
0 added, 0 removed; done.
Both certs DST Root X3 and ISG Root X1 are installed:
/etc/ssl/certs/DST_Root_CA_X3.pem ->
/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
/etc/ssl/certs/ISRG_Root_X1.pem ->
/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
On 28.10.21 19:05, Lars Noodén wrote:
> On 10/28/21 19:56, Adrian Georgescu wrote:
>> Try this command in a Terminal:
>>
>> openssl s_client -connect proxy.sipthor.net:5061
>> <http://proxy.sipthor.net:5061/>
>
> It returned the following:
>
> depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = R3
> verify return:1
> depth=0 CN = sip2sip.info
> verify return:1
> CONNECTED(00000003)
> ---
> Certificate chain
> 0 s:CN = sip2sip.info
> i:C = US, O = Let's Encrypt, CN = R3
> 1 s:C = US, O = Let's Encrypt, CN = R3
> i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
> 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
> i:O = Digital Signature Trust Co., CN = DST Root CA X3
> ---
> Server certificate
> -----BEGIN CERTIFICATE-----
> MIIFQjCCBCqgAwIBAgISBJ4BuE1hGOUGZ2rQVugrE9dkMA0GCSqGSIb3DQEBCwUA
> MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
> EwJSMzAeFw0yMTEwMTkyMjAxMDFaFw0yMjAxMTcyMjAxMDBaMBcxFTATBgNVBAMT
> DHNpcDJzaXAuaW5mbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKjS
> td1Vm9gjozuux97+tzjgBdx+wS5h4XVnTvLn+ZbMS4f83ws1uPpl9m6mZtRja1Pz
> DruIrzExHVXyWI1miae3LZUF45AxlaW3yIL09QsfMbKO0kKsK6K9LfoT8NbhzMWG
> HDVrsZtXHeLhX3hHR1uGdEnvTa/AbezO+E7RfGaOtd+KC/zbHuxnodHd/IlFMH7v
> q8+51ZOHcYV0wBF+AiQ7jPpHGZXJz/XuS9LvpheRzpsAlKaNvvqB9ULbztirtxo5
> 8Gh6j310vaQmP8h4OEkjPIpI/954keg0SBdBm7Xpwz1wpquzHuLjWn+aSzTZq1iA
> aKsnHdef4x9NQa/OnE8CAwEAAaOCAmswggJnMA4GA1UdDwEB/wQEAwIFoDAdBgNV
> HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
> FgQUibj6bp60DbsM0d7XTAjsOMVABNQwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA
> 5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMu
> by5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8w
> PAYDVR0RBDUwM4IRcHJveHkuc2lwdGhvci5uZXSCDHNpcDJzaXAuaW5mb4IQd3d3
> LnNpcDJzaXAuaW5mbzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEB
> ATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMG
> CisGAQQB1nkCBAIEgfQEgfEA7wB2AEHIyrHfIkZKEMahOglCh15OMYsbA+vrS8do
> 8JBilgb2AAABfJrJYKAAAAQDAEcwRQIhAJttKmhLEaYmTH0jc2xEzKWzwmmJzpUO
> NcfNRU0iN1a1AiA9tAf6DwP3U8jaQTAN7LN3LGAx7hOO9UbyxcXXm95X4gB1ACl5
> vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABfJrJYHYAAAQDAEYwRAIg
> IyJdN94OVm97wQZWu5GxywEDAzN+6MsK4IhdP+qDpFkCIBW4maL+qCQs3P3TsCdt
> UwdQ7Ic1fnVUN2pJua3ncoZCMA0GCSqGSIb3DQEBCwUAA4IBAQBbmNZfHbjzvhux
> THLOF08Ox3adk6Jl0azlWEsSDUY/xCYeo9cnqNJJzzA3Fg7w9PCUbRrOINi+ICNe
> yprxADbHUHplmsX9oUx+s56q1+GA9yshKqoIdAk/GhzepR3VNwVr78lKE34/i0bC
> 8HTK12QMoR2CJZKOkafiP3ioz3U4P5AXzeeOZqCQdBqXHslCt0217yZFNCKcSla8
> sn1qHZQ0RZf1iR74tcvpbgp/2IHQNp0A6KN7EVYYIQzV/KQDWUQdQJP5ZhvzDoOD
> IuXxY0SyLfV+kKt5Xb1/QYQky5+gFVb0cyLlLRVre+EVGf/MmpyDaxau2Pa8odlf
> M60CyzB1
> -----END CERTIFICATE-----
> subject=CN = sip2sip.info
>
> issuer=C = US, O = Let's Encrypt, CN = R3
>
> ---
> No client certificate CA names sent
> Requested Signature Algorithms:
> ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
>
> Shared Requested Signature Algorithms:
> ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
>
> Peer signing digest: SHA256
> Peer signature type: RSA-PSS
> Server Temp Key: X25519, 253 bits
> ---
> SSL handshake has read 4673 bytes and written 419 bytes
> Verification: OK
> ---
> New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
> Server public key is 2048 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 0 (ok)
> ---
> ---
> Post-Handshake New Session Ticket arrived:
> SSL-Session:
> Protocol : TLSv1.3
> Cipher : TLS_AES_256_GCM_SHA384
> Session-ID:
> 48507559565B481EDF60F8822F39CD3AC13071778D475BDEA427BE9089A60AB3
> Session-ID-ctx:
> Resumption PSK:
> 25DA4631F5DB9835B57642FE18C8264AAEE46761638972226F50395AC6FCD1E53050648DA2822DE0A670A098E7D44026
>
> PSK identity: None
> PSK identity hint: None
> SRP username: None
> TLS session ticket lifetime hint: 7200 (seconds)
> TLS session ticket:
> 0000 - 7b c4 d5 6f 43 be 7a 88-fe 2c 16 f2 4a 25 b8 74
> {..oC.z..,..J%.t
> 0010 - 8e 36 0a 6c 7e df c5 34-c6 65 cb b4 a9 f4 2d a2
> .6.l~..4.e....-.
> 0020 - 56 86 94 77 f4 14 80 f7-8f 12 2f b9 3d 4a 32 6d
> V..w....../.=J2m
> 0030 - 47 7b 26 8b f4 bc 34 71-72 4b 79 9c 54 ad 80 7c
> G{&...4qrKy.T..|
> 0040 - c5 3f 85 18 1a 79 ae e6-3d 22 6f 45 13 af a5 1b
> .?...y..="oE....
> 0050 - 64 b6 44 24 5c cc 8d e0-b4 0e 54 bf 72 3a 30 56
> d.D$\.....T.r:0V
> 0060 - a8 cb 27 9d cc 15 cf 09-f5 cf 9e 53 7d f8 c5 55
> ..'........S}..U
> 0070 - d8 12 9b d3 ce 64 a5 0a-ab d6 ea 7b 87 97 d8 61
> .....d.....{...a
> 0080 - 4c 45 10 75 13 5c c6 eb-98 97 03 bf 79 13 f3 fd
> LE.u.\......y...
> 0090 - 4a df 2d 5f 7a 4c 8a 61-06 44 fb f4 3a 8e 5f d0
> J.-_zL.a.D..:._.
> 00a0 - 9b 08 e7 e7 fe e3 5e cd-e4 ba 8c d0 7f ba 40 cb
> ......^....... at .
> 00b0 - 3b 44 ba 05 f8 1b 22 b8-c3 e7 89 47 8b f4 80 7f
> ;D...."....G....
> 00c0 - 65 60 96 e5 32 ce ba 9c-a3 9c 77 69 4e 07 e5 cc
> e`..2.....wiN...
> 00d0 - f5 7a a5 b3 54 58 2b 90-f5 34 9f 18 32 5d 4d b3
> .z..TX+..4..2]M.
> 00e0 - ae fe 53 b8 ac 8c 5c b8-34 fc 6c e7 7a a8 74 59
> ..S...\.4.l.z.tY
>
> Start Time: 1635440532
> Timeout : 7200 (sec)
> Verify return code: 0 (ok)
> Extended master secret: no
> Max Early Data: 0
> ---
> read R BLOCK
> ---
> Post-Handshake New Session Ticket arrived:
> SSL-Session:
> Protocol : TLSv1.3
> Cipher : TLS_AES_256_GCM_SHA384
> Session-ID:
> F849BFA3AB6D2F53BC6476767E5BF5694069592513A404CF23F0ADC5672EFBF4
> Session-ID-ctx:
> Resumption PSK:
> B2A3158EBCBC425C2A3E0A6357B123EB571CFA0C09A28823CC307540453517D39F03E5CD856D554FA6A9D3F2314BD1F9
>
> PSK identity: None
> PSK identity hint: None
> SRP username: None
> TLS session ticket lifetime hint: 7200 (seconds)
> TLS session ticket:
> 0000 - 7b c4 d5 6f 43 be 7a 88-fe 2c 16 f2 4a 25 b8 74
> {..oC.z..,..J%.t
> 0010 - c1 40 70 5d 4d 72 fc dd-1c 7f 38 4d ae 47 a6 e5
> . at p]Mr....8M.G..
> 0020 - de 55 8c 34 c2 10 87 23-cb 95 e5 e1 4a 1e 38 f7
> .U.4...#....J.8.
> 0030 - 76 d4 95 65 fc f3 14 47-68 8f 95 c3 2d 43 73 26
> v..e...Gh...-Cs&
> 0040 - 5a 05 19 d4 a6 85 94 19-c1 59 5e e4 d4 75 3b 01
> Z........Y^..u;.
> 0050 - d5 76 aa 10 8c 08 78 10-46 e2 48 f4 1c 9b ee ac
> .v....x.F.H.....
> 0060 - 2f 1d 69 5a 1d 86 c7 63-b5 c0 84 d1 b1 d2 33 42
> /.iZ...c......3B
> 0070 - 8e 42 6c f1 56 91 63 5e-13 a7 fa e6 a1 10 7f b3
> .Bl.V.c^........
> 0080 - 74 24 a7 86 38 8b cd 48-3d 2a 7c 6c 9c 51 18 ed
> t$..8..H=*|l.Q..
> 0090 - b0 04 e4 0b 38 54 0c d5-b3 dd f7 45 71 fc 82 0a
> ....8T.....Eq...
> 00a0 - 44 c0 4a 61 2c 9b 1c 5f-1f 13 19 cb 24 47 bd 1a
> D.Ja,.._....$G..
> 00b0 - be cb 87 97 9e cc 53 44-48 49 59 af 51 f3 f8 44
> ......SDHIY.Q..D
> 00c0 - 4d 7f 44 1e ce 5a 7d 34-5d e6 36 05 35 b2 65 28
> M.D..Z}4].6.5.e(
> 00d0 - d7 f3 cf db 38 db a3 e9-61 93 83 27 14 46 94 42
> ....8...a..'.F.B
> 00e0 - b7 ad 3c 83 a7 28 ac dc-2c cd d1 e9 d8 21 e3 c5
> ..<..(..,....!..
>
> Start Time: 1635440532
> Timeout : 7200 (sec)
> Verify return code: 0 (ok)
> Extended master secret: no
> Max Early Data: 0
> ---
> read R BLOCK
> closed
> _______________________________________________
> Blink mailing list
> Blink at lists.ag-projects.com
> https://lists.ag-projects.com/mailman/listinfo/blink
More information about the Blink
mailing list