[Blink] Expired certificate for Ubuntu Focal Repository?
g4-lisz at tonarchiv.ch
g4-lisz at tonarchiv.ch
Tue Nov 2 21:28:44 CET 2021
Finally solved by installing Let's Encrypt R3 cert manually:
sudo wget --no-check-certificate
https://letsencrypt.org/certs/lets-encrypt-r3.pem -O
/usr/local/share/ca-certificates/lets-encrypt-r3.crt
sudo update-ca-certificates
On 02.11.21 20:42, g4-lisz at tonarchiv.ch wrote:
> I think the problem is that the ISRG_Root_X1 is still signed by
> DST_Root_CA_X3 and this is outdated:
>
> ~$ openssl x509 -text -noout -in
> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> 44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3
> Validity
> Not Before: Sep 30 21:12:19 2000 GMT
> Not After : Sep 30 14:01:15 2021 GMT
>
> On 02.11.21 20:20, g4-lisz at tonarchiv.ch wrote:
>> Same issue here with Focal.
>>
>> I run update-ca-certificates:
>>
>> 0 added, 0 removed; done.
>>
>> Both certs DST Root X3 and ISG Root X1 are installed:
>>
>> /etc/ssl/certs/DST_Root_CA_X3.pem ->
>> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
>>
>> /etc/ssl/certs/ISRG_Root_X1.pem ->
>> /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
>>
>>
>> On 28.10.21 19:05, Lars Noodén wrote:
>>> On 10/28/21 19:56, Adrian Georgescu wrote:
>>>> Try this command in a Terminal:
>>>>
>>>> openssl s_client -connect proxy.sipthor.net:5061
>>>> <http://proxy.sipthor.net:5061/>
>>> It returned the following:
>>>
>>> depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
>>> verify return:1
>>> depth=1 C = US, O = Let's Encrypt, CN = R3
>>> verify return:1
>>> depth=0 CN = sip2sip.info
>>> verify return:1
>>> CONNECTED(00000003)
>>> ---
>>> Certificate chain
>>> 0 s:CN = sip2sip.info
>>> i:C = US, O = Let's Encrypt, CN = R3
>>> 1 s:C = US, O = Let's Encrypt, CN = R3
>>> i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
>>> 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
>>> i:O = Digital Signature Trust Co., CN = DST Root CA X3
>>> ---
>>> Server certificate
>>> -----BEGIN CERTIFICATE-----
>>> MIIFQjCCBCqgAwIBAgISBJ4BuE1hGOUGZ2rQVugrE9dkMA0GCSqGSIb3DQEBCwUA
>>> MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
>>> EwJSMzAeFw0yMTEwMTkyMjAxMDFaFw0yMjAxMTcyMjAxMDBaMBcxFTATBgNVBAMT
>>> DHNpcDJzaXAuaW5mbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKjS
>>> td1Vm9gjozuux97+tzjgBdx+wS5h4XVnTvLn+ZbMS4f83ws1uPpl9m6mZtRja1Pz
>>> DruIrzExHVXyWI1miae3LZUF45AxlaW3yIL09QsfMbKO0kKsK6K9LfoT8NbhzMWG
>>> HDVrsZtXHeLhX3hHR1uGdEnvTa/AbezO+E7RfGaOtd+KC/zbHuxnodHd/IlFMH7v
>>> q8+51ZOHcYV0wBF+AiQ7jPpHGZXJz/XuS9LvpheRzpsAlKaNvvqB9ULbztirtxo5
>>> 8Gh6j310vaQmP8h4OEkjPIpI/954keg0SBdBm7Xpwz1wpquzHuLjWn+aSzTZq1iA
>>> aKsnHdef4x9NQa/OnE8CAwEAAaOCAmswggJnMA4GA1UdDwEB/wQEAwIFoDAdBgNV
>>> HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
>>> FgQUibj6bp60DbsM0d7XTAjsOMVABNQwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA
>>> 5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMu
>>> by5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8w
>>> PAYDVR0RBDUwM4IRcHJveHkuc2lwdGhvci5uZXSCDHNpcDJzaXAuaW5mb4IQd3d3
>>> LnNpcDJzaXAuaW5mbzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEB
>>> ATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMG
>>> CisGAQQB1nkCBAIEgfQEgfEA7wB2AEHIyrHfIkZKEMahOglCh15OMYsbA+vrS8do
>>> 8JBilgb2AAABfJrJYKAAAAQDAEcwRQIhAJttKmhLEaYmTH0jc2xEzKWzwmmJzpUO
>>> NcfNRU0iN1a1AiA9tAf6DwP3U8jaQTAN7LN3LGAx7hOO9UbyxcXXm95X4gB1ACl5
>>> vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABfJrJYHYAAAQDAEYwRAIg
>>> IyJdN94OVm97wQZWu5GxywEDAzN+6MsK4IhdP+qDpFkCIBW4maL+qCQs3P3TsCdt
>>> UwdQ7Ic1fnVUN2pJua3ncoZCMA0GCSqGSIb3DQEBCwUAA4IBAQBbmNZfHbjzvhux
>>> THLOF08Ox3adk6Jl0azlWEsSDUY/xCYeo9cnqNJJzzA3Fg7w9PCUbRrOINi+ICNe
>>> yprxADbHUHplmsX9oUx+s56q1+GA9yshKqoIdAk/GhzepR3VNwVr78lKE34/i0bC
>>> 8HTK12QMoR2CJZKOkafiP3ioz3U4P5AXzeeOZqCQdBqXHslCt0217yZFNCKcSla8
>>> sn1qHZQ0RZf1iR74tcvpbgp/2IHQNp0A6KN7EVYYIQzV/KQDWUQdQJP5ZhvzDoOD
>>> IuXxY0SyLfV+kKt5Xb1/QYQky5+gFVb0cyLlLRVre+EVGf/MmpyDaxau2Pa8odlf
>>> M60CyzB1
>>> -----END CERTIFICATE-----
>>> subject=CN = sip2sip.info
>>>
>>> issuer=C = US, O = Let's Encrypt, CN = R3
>>>
>>> ---
>>> No client certificate CA names sent
>>> Requested Signature Algorithms:
>>> ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
>>>
>>> Shared Requested Signature Algorithms:
>>> ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
>>>
>>> Peer signing digest: SHA256
>>> Peer signature type: RSA-PSS
>>> Server Temp Key: X25519, 253 bits
>>> ---
>>> SSL handshake has read 4673 bytes and written 419 bytes
>>> Verification: OK
>>> ---
>>> New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
>>> Server public key is 2048 bit
>>> Secure Renegotiation IS NOT supported
>>> Compression: NONE
>>> Expansion: NONE
>>> No ALPN negotiated
>>> Early data was not sent
>>> Verify return code: 0 (ok)
>>> ---
>>> ---
>>> Post-Handshake New Session Ticket arrived:
>>> SSL-Session:
>>> Protocol : TLSv1.3
>>> Cipher : TLS_AES_256_GCM_SHA384
>>> Session-ID:
>>> 48507559565B481EDF60F8822F39CD3AC13071778D475BDEA427BE9089A60AB3
>>> Session-ID-ctx:
>>> Resumption PSK:
>>> 25DA4631F5DB9835B57642FE18C8264AAEE46761638972226F50395AC6FCD1E53050648DA2822DE0A670A098E7D44026
>>>
>>> PSK identity: None
>>> PSK identity hint: None
>>> SRP username: None
>>> TLS session ticket lifetime hint: 7200 (seconds)
>>> TLS session ticket:
>>> 0000 - 7b c4 d5 6f 43 be 7a 88-fe 2c 16 f2 4a 25 b8 74
>>> {..oC.z..,..J%.t
>>> 0010 - 8e 36 0a 6c 7e df c5 34-c6 65 cb b4 a9 f4 2d a2
>>> .6.l~..4.e....-.
>>> 0020 - 56 86 94 77 f4 14 80 f7-8f 12 2f b9 3d 4a 32 6d
>>> V..w....../.=J2m
>>> 0030 - 47 7b 26 8b f4 bc 34 71-72 4b 79 9c 54 ad 80 7c
>>> G{&...4qrKy.T..|
>>> 0040 - c5 3f 85 18 1a 79 ae e6-3d 22 6f 45 13 af a5 1b
>>> .?...y..="oE....
>>> 0050 - 64 b6 44 24 5c cc 8d e0-b4 0e 54 bf 72 3a 30 56
>>> d.D$\.....T.r:0V
>>> 0060 - a8 cb 27 9d cc 15 cf 09-f5 cf 9e 53 7d f8 c5 55
>>> ..'........S}..U
>>> 0070 - d8 12 9b d3 ce 64 a5 0a-ab d6 ea 7b 87 97 d8 61
>>> .....d.....{...a
>>> 0080 - 4c 45 10 75 13 5c c6 eb-98 97 03 bf 79 13 f3 fd
>>> LE.u.\......y...
>>> 0090 - 4a df 2d 5f 7a 4c 8a 61-06 44 fb f4 3a 8e 5f d0
>>> J.-_zL.a.D..:._.
>>> 00a0 - 9b 08 e7 e7 fe e3 5e cd-e4 ba 8c d0 7f ba 40 cb
>>> ......^....... at .
>>> 00b0 - 3b 44 ba 05 f8 1b 22 b8-c3 e7 89 47 8b f4 80 7f
>>> ;D...."....G....
>>> 00c0 - 65 60 96 e5 32 ce ba 9c-a3 9c 77 69 4e 07 e5 cc
>>> e`..2.....wiN...
>>> 00d0 - f5 7a a5 b3 54 58 2b 90-f5 34 9f 18 32 5d 4d b3
>>> .z..TX+..4..2]M.
>>> 00e0 - ae fe 53 b8 ac 8c 5c b8-34 fc 6c e7 7a a8 74 59
>>> ..S...\.4.l.z.tY
>>>
>>> Start Time: 1635440532
>>> Timeout : 7200 (sec)
>>> Verify return code: 0 (ok)
>>> Extended master secret: no
>>> Max Early Data: 0
>>> ---
>>> read R BLOCK
>>> ---
>>> Post-Handshake New Session Ticket arrived:
>>> SSL-Session:
>>> Protocol : TLSv1.3
>>> Cipher : TLS_AES_256_GCM_SHA384
>>> Session-ID:
>>> F849BFA3AB6D2F53BC6476767E5BF5694069592513A404CF23F0ADC5672EFBF4
>>> Session-ID-ctx:
>>> Resumption PSK:
>>> B2A3158EBCBC425C2A3E0A6357B123EB571CFA0C09A28823CC307540453517D39F03E5CD856D554FA6A9D3F2314BD1F9
>>>
>>> PSK identity: None
>>> PSK identity hint: None
>>> SRP username: None
>>> TLS session ticket lifetime hint: 7200 (seconds)
>>> TLS session ticket:
>>> 0000 - 7b c4 d5 6f 43 be 7a 88-fe 2c 16 f2 4a 25 b8 74
>>> {..oC.z..,..J%.t
>>> 0010 - c1 40 70 5d 4d 72 fc dd-1c 7f 38 4d ae 47 a6 e5
>>> . at p]Mr....8M.G..
>>> 0020 - de 55 8c 34 c2 10 87 23-cb 95 e5 e1 4a 1e 38 f7
>>> .U.4...#....J.8.
>>> 0030 - 76 d4 95 65 fc f3 14 47-68 8f 95 c3 2d 43 73 26
>>> v..e...Gh...-Cs&
>>> 0040 - 5a 05 19 d4 a6 85 94 19-c1 59 5e e4 d4 75 3b 01
>>> Z........Y^..u;.
>>> 0050 - d5 76 aa 10 8c 08 78 10-46 e2 48 f4 1c 9b ee ac
>>> .v....x.F.H.....
>>> 0060 - 2f 1d 69 5a 1d 86 c7 63-b5 c0 84 d1 b1 d2 33 42
>>> /.iZ...c......3B
>>> 0070 - 8e 42 6c f1 56 91 63 5e-13 a7 fa e6 a1 10 7f b3
>>> .Bl.V.c^........
>>> 0080 - 74 24 a7 86 38 8b cd 48-3d 2a 7c 6c 9c 51 18 ed
>>> t$..8..H=*|l.Q..
>>> 0090 - b0 04 e4 0b 38 54 0c d5-b3 dd f7 45 71 fc 82 0a
>>> ....8T.....Eq...
>>> 00a0 - 44 c0 4a 61 2c 9b 1c 5f-1f 13 19 cb 24 47 bd 1a
>>> D.Ja,.._....$G..
>>> 00b0 - be cb 87 97 9e cc 53 44-48 49 59 af 51 f3 f8 44
>>> ......SDHIY.Q..D
>>> 00c0 - 4d 7f 44 1e ce 5a 7d 34-5d e6 36 05 35 b2 65 28
>>> M.D..Z}4].6.5.e(
>>> 00d0 - d7 f3 cf db 38 db a3 e9-61 93 83 27 14 46 94 42
>>> ....8...a..'.F.B
>>> 00e0 - b7 ad 3c 83 a7 28 ac dc-2c cd d1 e9 d8 21 e3 c5
>>> ..<..(..,....!..
>>>
>>> Start Time: 1635440532
>>> Timeout : 7200 (sec)
>>> Verify return code: 0 (ok)
>>> Extended master secret: no
>>> Max Early Data: 0
>>> ---
>>> read R BLOCK
>>> closed
>>> _______________________________________________
>>> Blink mailing list
>>> Blink at lists.ag-projects.com
>>> https://lists.ag-projects.com/mailman/listinfo/blink
>> _______________________________________________
>> Blink mailing list
>> Blink at lists.ag-projects.com
>> https://lists.ag-projects.com/mailman/listinfo/blink
> _______________________________________________
> Blink mailing list
> Blink at lists.ag-projects.com
> https://lists.ag-projects.com/mailman/listinfo/blink
More information about the Blink
mailing list