On 01.10.21 20:07, Michael Aronoff wrote:
I have done a yum update but I am still having users with Apple devicesthat cannot check email. Anyone have any suggestions? ________________________________ M Aronoff Out – maron...@gmail.com
the answer from Michael in the following mail suggesting to renew the LE certificates worked on Apple's *Firefox only* (strange enough, huh?), Safari, Chrome & Opera still showed the old R3 certificate and broke the chain of my Mac users. I thought it was a AdminServer problem, but it ain't,it's an Apple-LetsEncrypt idiosyncrasy, it took me a while to find out... the fix for Mac users: • download the ISRG Root X1 certificate file from https://letsencrypt.org/certs/isrgrootx1.pem • download the LE's R3 certificate file from https://letsencrypt.org/certs/lets-encrypt-r3.pem • open «Keychain Access.app» and select the System folder in the Keychains column on top left (not the System Roots folder) • drag the two downloaded files isrgrootx1.pem and lets-encrypt-r3.pem file into the System folder's right pane, one must approve this action with the administrator password (Trust: Use System Defaults) the ISRG Root X1 certificate should be listed as valid Root certificate authority expireing Monday, 4 June 2035 at 13:04:38 Central European Summer Time the R3 certificate should be listed as valid «R3» Intermediate certificate authority expiring Monday, 15 September 2025 at 18:00:00 Central European Summer Time now accessing the AdminServer over port :81 shouldn't throw an error on any browser of the Mac. I think it fixed AppleMail's certificate problem, too; it did it on Thunderbird best regards で⊃ Meaulnes Legler Zurich, Switzerland +41¦0 44 260-1660 I'm on *Wire* as @meaulnes — https://get.wire.com/ /no more Whatzap and so on!/ _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx