• let's encrypt certif problem

    From Ogg@VERT/CAPCITY2 to Arelor on Sun Oct 17 08:51:00 2021
    Hello Arelor!

    ** On Saturday 16.10.21 - 06:31, Arelor wrote to Ogg:

    You need the self-signed certificate, not the cross-signed
    one, since the cross-signed one is using an old, expired
    trust chain.

    Just a little followup.. I tried their "test" links below:

    ISRG Root X1
    Valid <== this one worked OK
    Revoked <== this one loaded properly with "revoked"
    Expired <== this wouldn't load.

    ISRG Root X2
    Valid <== this one worked OK
    Revoked <== this one loaded with a "revoked" page.
    Expired <== this one wouldn't load.


    So.. the certifs are probably installed fine in system/browser
    program?

    Now, only TB's mail system is still complaining about
    invalidity. :(


    --- OpenXP 5.0.50
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Arelor@VERT/PALANT to Ogg on Sun Oct 17 12:09:16 2021
    Re: let's encrypt certif problem
    By: Ogg to Arelor on Sun Oct 17 2021 08:51 am

    Hello Arelor!

    ** On Saturday 16.10.21 - 06:31, Arelor wrote to Ogg:

    You need the self-signed certificate, not the cross-signed
    one, since the cross-signed one is using an old, expired
    trust chain.

    Just a little followup.. I tried their "test" links below:

    ISRG Root X1
    Valid <== this one worked OK
    Revoked <== this one loaded properly with "revoked"
    Expired <== this wouldn't load.

    ISRG Root X2
    Valid <== this one worked OK
    Revoked <== this one loaded with a "revoked" page.
    Expired <== this one wouldn't load.


    So.. the certifs are probably installed fine in system/browser
    program?

    Now, only TB's mail system is still complaining about
    invalidity. :(

    Thunderbird and Firefox have their own certificate databases. They don't use the system's.

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Ogg@VERT/CAPCITY2 to Arelor on Mon Oct 18 19:35:00 2021
    Hello Arelor!

    ** On Sunday 17.10.21 - 05:55, Arelor wrote to Ogg:

    You also have to manually remove the expired DST X3 one.


    Ah.. That I haven't done.

    But I didn't see any "LetsEncrypt" certifs in the list of
    certifs.


    --- OpenXP 5.0.50
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Arelor@VERT/PALANT to Ogg on Tue Oct 19 03:23:54 2021
    Re: let's encrypt certif problem
    By: Ogg to Arelor on Mon Oct 18 2021 07:35 pm

    Hello Arelor!

    ** On Sunday 17.10.21 - 05:55, Arelor wrote to Ogg:

    You also have to manually remove the expired DST X3 one.


    Ah.. That I haven't done.

    But I didn't see any "LetsEncrypt" certifs in the list of
    certifs.

    Because it is not a Let's Encrypt certificate. It is an Internet Security Research Group certificate. Internet Security Research Group are the owners of Let's Encrypt.

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL