On Sat, May 30, 2020 at 11:02 PM Jeroen Ooms <jer...@berkeley.edu> wrote: [...] > > What you need to do is replace the final certificate with this one > (just copy-paste the base64 cert): https://crt.sh/?d=1720081 .Then > restart the server.
You can also export this from Keychain Access on macOS, btw. find "COMODO RSA Certification Authority" and right click, export, PEM format. > See here for details: > https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020 > . This site talks about "For business processes that depend on very > old systems...." but the reality is that this affects everything that > uses openssl for https, including curl, svn, etc. Btw. why does this affect openssl? That root cert was published in 2010, surely openssl should know about it? Maybe libcurl / openssl only uses the chain provided by the server? Without trying to use an alternate chain? Gabor ______________________________________________ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel