Re: Extending Android Device Compatibility for Let's Encrypt Certificates

2021-01-05 Thread Man Ho (Certizen) via dev-security-policy
I'm curious whether this approach of cross-signing from a root certificate which has already expired is exceptional for Let's Encrypt.  I'm not aware of any discussion on what conditions this approach could be accepted by Mozilla and other root certificate programs. Or, is it just a usual

Re: Extending Android Device Compatibility for Let's Encrypt Certificates

2021-01-07 Thread Man Ho (Certizen) via dev-security-policy
I think it is a mistake to assume that the "intermediate" (i.e. your ISRG Root X1 cross-signed by DST Root CA X3) is the same certificate as your self-signed ISRG Root X1.  The "intermediate" can only be chained up to expired DST Root CA X3. On 08-Jan-21 1:31 AM, Aaron Gable via