Project

General

Profile

Actions

Bug #14551

closed

DST_Root_CA_X3.pem expired

Added by David Stes 9 months ago. Updated 8 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
OI-Userland
Target version:
Start date:
2021-09-30
Due date:
2022-03-03
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:

Description

For reference purposes: with old ca-certificates before version 3.71

$ pkg contents ca-certificates | grep DST_Root_CA
etc/certs/CA/DST_Root_CA_X3.pem

This certificate expired on Sep 30 2021.

The impact / result is that Squeak (smalltalk-80 on OpenIndiana) was unable to connect to the squeak.org website and code repository, over SSL (the website has a certificate signed by X3).

The LetsEncrypt website suggests to remove the certificate :

[[https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/]]

and

[[https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/]]

Meanwhile the issue was escalated to Mozilla:

[[https://bugzilla.mozilla.org/show_bug.cgi?id=1733560]]

Mozilla removed the X3 certificate from their NSS product from release 3.74.

The current release in OpenIndiana 3.75 does not have the expired X3 certificate any longer, so the issue is now fixed.


Related issues

Related to OpenIndiana Distribution - Bug #14510: ca-certificates contains a non UTF-8 pathResolvedOI Userland

Actions
Actions

Also available in: Atom PDF