• let's encrypt certif problem

    From Ogg@VERT/CAPCITY2 to All on Tue Oct 12 03:30:00 2021
    It's been a few months since I last checked in on my nntp
    account with eternal-september, but TB is reporting that there
    is a certif problem:

    https://susepaste.org/24549546

    It seems to look fine in the sense that the dates are still
    good.

    But is there a way to update the certif and be able to log in?





    --- OpenXP 5.0.50
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From MRO@VERT/BBSESINF to Ogg on Tue Oct 12 05:21:06 2021
    Re: let's encrypt certif problem
    By: Ogg to All on Mon Oct 11 2021 08:30 pm

    It's been a few months since I last checked in on my nntp
    account with eternal-september, but TB is reporting that there
    is a certif problem:

    https://susepaste.org/24549546

    It seems to look fine in the sense that the dates are still
    good.

    But is there a way to update the certif and be able to log in?

    why don't you talk to their support and ask them.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Ogg@VERT/CAPCITY2 to Arelor on Sat Oct 16 05:16:00 2021
    Hello Arelor!

    ** On Tuesday 12.10.21 - 08:02, Arelor wrote to Ogg:

    Maybe you can remove DST X3 from your trust chain (since it is expired)
    and add the self signed let's encrypt certificate from here:

    https://letsencrypt.org/certificates/

    More information about the issue here:

    https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

    The info and reason is all good, but I need a step-by-step
    instruction on how to work with certifs. I downloaded what I
    thought was a required replacement/updated certif [Cross-signed
    by DST Root CA X3] from one of the above links, but it prompted
    me for a password to proceed with the installation.

    Meanwhile, I learned that OpenXP doesn't care about any
    certifs, and I can fetch my eternal-september messages with
    that. I don't need to use TB at all. But it would be nice to
    fix the certif problem.

    --- OpenXP 5.0.50
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Arelor@VERT/PALANT to Ogg on Sat Oct 16 13:31:01 2021
    Re: let's encrypt certif problem
    By: Ogg to Arelor on Fri Oct 15 2021 10:16 pm

    The info and reason is all good, but I need a step-by-step
    instruction on how to work with certifs. I downloaded what I
    thought was a required replacement/updated certif [Cross-signed
    by DST Root CA X3] from one of the above links, but it prompted
    me for a password to proceed with the installation.

    Meanwhile, I learned that OpenXP doesn't care about any
    certifs, and I can fetch my eternal-september messages with
    that. I don't need to use TB at all. But it would be nice to
    fix the certif problem.

    You need the self-signed certificate, not the cross-signed one, since the cross-signed one is using an old, expired trust chain.

    I am sure there are ten thousand guides floating around the internet regarding certificate updating. Most Linux and BSDs around got the problem fixed via a regular update.

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Ogg@VERT/CAPCITY2 to Arelor on Sun Oct 17 02:51:00 2021
    Hello Arelor!

    ** On Saturday 16.10.21 - 06:31, Arelor wrote to Ogg:

    You need the self-signed certificate, not the cross-signed
    one, since the cross-signed one is using an old, expired
    trust chain.


    I installed both self-signed ones, and I did that in XP and TB.

    Still doesn't work.


    I am sure there are ten thousand guides floating around the internet regarding certificate updating. Most Linux and BSDs around got the
    problem fixed via a regular update.

    I know how to go through the "install certif" process in XP and
    TB. But, these marked "==>" are not making any difference:

    Active

    ISRG Root X1 (RSA 4096, O = Internet Security Research Group, CN = ISRG Root X1)
    Self-signed: der, pem, txt

    Active, limited availability

    ISRG Root X2 (ECDSA P-384, O = Internet Security Research Group, CN = ISRG Root X2)
    Self-signed: der, pem, txt



    --- OpenXP 5.0.50
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Arelor@VERT/PALANT to Ogg on Sun Oct 17 12:55:56 2021
    Re: let's encrypt certif problem
    By: Ogg to Arelor on Sat Oct 16 2021 07:51 pm

    Hello Arelor!

    ** On Saturday 16.10.21 - 06:31, Arelor wrote to Ogg:

    You need the self-signed certificate, not the cross-signed
    one, since the cross-signed one is using an old, expired
    trust chain.


    I installed both self-signed ones, and I did that in XP and TB.

    Still doesn't work.


    I am sure there are ten thousand guides floating around the internet regarding certificate updating. Most Linux and BSDs around got the problem fixed via a regular update.

    I know how to go through the "install certif" process in XP and
    TB. But, these marked "==>" are not making any difference:

    Active

    ISRG Root X1 (RSA 4096, O = Internet Security Research Group, CN = ISRG Root X1)
    Self-signed: der, pem, txt

    Active, limited availability

    ISRG Root X2 (ECDSA P-384, O = Internet Security Research Group, CN = ISRG Root X2)
    Self-signed: der, pem, txt

    You also have to manually remove the expired DST X3 one.

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Ogg@VERT/CAPCITY2 to Arelor on Sun Oct 17 15:51:00 2021
    Hello Arelor!

    ** On Saturday 16.10.21 - 06:31, Arelor wrote to Ogg:

    You need the self-signed certificate, not the cross-signed
    one, since the cross-signed one is using an old, expired
    trust chain.

    Just a little followup.. I tried their "test" links below:

    ISRG Root X1
    Valid <== this one worked OK
    Revoked <== this one loaded properly with "revoked"
    Expired <== this wouldn't load.

    ISRG Root X2
    Valid <== this one worked OK
    Revoked <== this one loaded with a "revoked" page.
    Expired <== this one wouldn't load.


    So.. the certifs are probably installed fine in system/browser
    program?

    Now, only TB's mail system is still complaining about
    invalidity. :(


    --- OpenXP 5.0.50
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Arelor@VERT/PALANT to Ogg on Sun Oct 17 19:09:16 2021
    Re: let's encrypt certif problem
    By: Ogg to Arelor on Sun Oct 17 2021 08:51 am

    Hello Arelor!

    ** On Saturday 16.10.21 - 06:31, Arelor wrote to Ogg:

    You need the self-signed certificate, not the cross-signed
    one, since the cross-signed one is using an old, expired
    trust chain.

    Just a little followup.. I tried their "test" links below:

    ISRG Root X1
    Valid <== this one worked OK
    Revoked <== this one loaded properly with "revoked"
    Expired <== this wouldn't load.

    ISRG Root X2
    Valid <== this one worked OK
    Revoked <== this one loaded with a "revoked" page.
    Expired <== this one wouldn't load.


    So.. the certifs are probably installed fine in system/browser
    program?

    Now, only TB's mail system is still complaining about
    invalidity. :(

    Thunderbird and Firefox have their own certificate databases. They don't use the system's.

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Ogg@VERT/CAPCITY2 to Arelor on Tue Oct 19 02:35:00 2021
    Hello Arelor!

    ** On Sunday 17.10.21 - 05:55, Arelor wrote to Ogg:

    You also have to manually remove the expired DST X3 one.


    Ah.. That I haven't done.

    But I didn't see any "LetsEncrypt" certifs in the list of
    certifs.


    --- OpenXP 5.0.50
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Arelor@VERT/PALANT to Ogg on Tue Oct 19 10:23:54 2021
    Re: let's encrypt certif problem
    By: Ogg to Arelor on Mon Oct 18 2021 07:35 pm

    Hello Arelor!

    ** On Sunday 17.10.21 - 05:55, Arelor wrote to Ogg:

    You also have to manually remove the expired DST X3 one.


    Ah.. That I haven't done.

    But I didn't see any "LetsEncrypt" certifs in the list of
    certifs.

    Because it is not a Let's Encrypt certificate. It is an Internet Security Research Group certificate. Internet Security Research Group are the owners of Let's Encrypt.

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
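
Added example, not part of any post in the thread: a simplified model of why installing the self-signed ISRG Root X1 can still fail until the expired DST Root CA X3 is removed. It assumes the server sends the cross-signed chain and that the failing client follows that chain to its end before consulting its trust store (`trusted_first=False`); the `Cert` records, the `verify` function and the host name are constructed for illustration, and only names and expiry dates are checked, not signatures.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: date


# Constructed records for the example; the leaf host name is a placeholder.
LEAF = Cert("news.example.invalid", "R3", date(2021, 12, 1))
R3 = Cert("R3", "ISRG Root X1", date(2025, 9, 15))
X1_CROSS = Cert("ISRG Root X1", "DST Root CA X3", date(2024, 9, 30))
X1_SELF = Cert("ISRG Root X1", "ISRG Root X1", date(2035, 6, 4))
DST_X3 = Cert("DST Root CA X3", "DST Root CA X3", date(2021, 9, 30))
SENT = [LEAF, R3, X1_CROSS]  # chain as sent by the server (assumed)


def verify(sent, store, today, trusted_first):
    """Simplified path check: issuer names and expiry only, no signatures."""
    roots = {c.subject: c for c in store}
    fallback = None  # usable trusted root passed before the end of the chain
    for i, cert in enumerate(sent):
        last = i == len(sent) - 1
        if cert.not_after < today:
            return f"fail: {cert.subject} expired"
        if not last and sent[i + 1].subject != cert.issuer:
            return "fail: broken chain"
        root = roots.get(cert.issuer)
        usable = root is not None and root.not_after >= today
        if usable and (trusted_first or last):
            return f"ok: anchored at {root.subject}"
        if usable and fallback is None:
            fallback = root
        if last and root is not None:  # issuer is in the store but expired
            return f"fail: {root.subject} expired"
        if last and fallback is not None:  # chain end unknown: alternate anchor
            return f"ok: anchored at {fallback.subject}"
    return "fail: no trusted root"


if __name__ == "__main__":
    today = date(2021, 10, 17)
    for name, store in [("old store", [DST_X3]),
                        ("X1 added, DST X3 kept", [DST_X3, X1_SELF]),
                        ("X1 added, DST X3 removed", [X1_SELF])]:
        for trusted_first in (False, True):
            print(name, trusted_first, verify(SENT, store, today, trusted_first))
```

Because Thunderbird keeps its own certificate database, the `store` argument stands for whichever store the failing program actually reads, not the operating system's.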