(Moving from macports to macos-talk)
I am still having a problem with this.
I've managed to get the DST root into my system as "trusted for all users".
But the ISRG root is only marked as "trusted for this account" as my normal
user ID, and it fails to authenticate for a process that runs as root
This is the a good question. The control of the web and all things associate
with it (now access to banking) depend on them certs. By expiring a root CA you
get rid of a lot of stubborn old people.
Adrian
> On 3 Oct 2021, at 00:56, Michael wrote:
>
> ugh. Well, doing a search shows a LOT of
On Tue, Oct 05, 2021 at 05:33:53PM -0500, Ryan Schmidt
wrote:
>
> On Oct 3, 2021, at 02:32, raf wrote:
>
> > The instructions
> > https://trac.macports.org/wiki/ProblemHotlist#letsencrypt
> > include a suggestion of asking other webserver
> > administrators to delete "DST Root CA X3" from thei
On Oct 3, 2021, at 02:32, raf wrote:
> The instructions
> https://trac.macports.org/wiki/ProblemHotlist#letsencrypt
> include a suggestion of asking other webserver
> administrators to delete "DST Root CA X3" from their
> full chain, and use --preferred-chain "ISRG Root X1"
> when next renewing
On Sat, Oct 02, 2021 at 08:56:18PM -0700, Michael wrote:
> ugh. Well, doing a search shows a LOT of articles about this very
> issue -- this was apparently a known "this is going to affect a lot of
> people" deal, and "just update your software, or ... sorry." was the
> only answer.
>
> But, I a
On Sat, Oct 02, 2021 at 10:32:40PM -0500, Ryan Schmidt
wrote:
> On Oct 2, 2021, at 22:06, Michael wrote:
> >
> > So, first, I want to say "Thank you" for this bit:
> >
> >> • From View menu select "Show Expired Certificates"
> >
> > In keychain access, I could not see the expired certs, and w
ugh. Well, doing a search shows a LOT of articles about this very issue -- this
was apparently a known "this is going to affect a lot of people" deal, and
"just update your software, or ... sorry." was the only answer.
But, I at least did find out why certs expire.
Seriously though: A cert iden
On Oct 2, 2021, at 22:06, Michael wrote:
>
> So, first, I want to say "Thank you" for this bit:
>
>> • From View menu select "Show Expired Certificates"
>
> In keychain access, I could not see the expired certs, and was thinking that
> they were just deleted for being old. Once I could find the
On Sat, Oct 02, 2021 at 08:06:27PM -0700, Michael wrote:
> So, first, I want to say "Thank you" for this bit:
>
> > • From View menu select "Show Expired Certificates"
>
> In keychain access, I could not see the expired certs, and was
> thinking that they were just deleted for being old. Once I
So, first, I want to say "Thank you" for this bit:
> • From View menu select "Show Expired Certificates"
In keychain access, I could not see the expired certs, and was thinking that
they were just deleted for being old. Once I could find the old ones, I could
turn them back on.
The second thin
I've added info about this to the problem hotlist including instructions for
how to add the new ISRG Root X1 certificate to your older Mac manually:
https://trac.macports.org/wiki/ProblemHotlist#letsencrypt
I've done this on our Buildbot machines running OS X 10.11 and earlier which
should al
On Sat, Oct 02, 2021 at 04:14:05AM -0500, Ryan Schmidt
wrote:
> macports.org and other secure web sites that use Let's Encrypt may
> no longer be accessible to you if you use older versions of macOS
> or older browsers or user agents. For example, the libcurl in macOS
> 10.14 can't talk to many
macports.org and other secure web sites that use Let's Encrypt may no longer be
accessible to you if you use older versions of macOS or older browsers or user
agents. For example, the libcurl in macOS 10.14 can't talk to many Let's
Encrypt web sites now, including distfiles.macports.org and
pac
13 matches
Mail list logo