Thx. Turned out the local cacrt.pem bundle had expired certs. Downloading and installing a current bundle solved the cert expired error from wget.
-----Original Message----- From: Nick Couchman <vn...@apache.org> Sent: Thursday, July 6, 2023 8:46 PM To: user@guacamole.apache.org Subject: Re: FYI download certs expired On Thu, Jul 6, 2023 at 8:17 PM Mark Li <m...@baretoes.net> wrote: > > When I download guac software I need to use an insecure flag because without > the flag I get an cert expired error (with wget on centos7). This only > occurs when downloading the client and server (1.5.2) software. > You may want to check other items on your end - like any deep packet inspection and/or SSL/TLS firewalls. The certificates for the Apache.org infrastructure all appear to be valid: $ openssl s_client -connect guacamole.apache.org:443 CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = *.apache.org verify return:1 --- Certificate chain 0 s:CN = *.apache.org i:C = US, O = Let's Encrypt, CN = R3 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Jun 12 16:01:34 2023 GMT; NotAfter: Sep 10 16:01:33 2023 GMT 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1 i:O = Digital Signature Trust Co., CN = DST Root CA X3 a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256 v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT $ openssl s_client -connect apache.org:443 CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = apache.org verify return:1 --- Certificate chain 0 s:CN = apache.org i:C = US, O = Let's Encrypt, CN = R3 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Jun 30 15:03:49 2023 GMT; NotAfter: Sep 28 15:03:48 2023 GMT 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1 i:O = Digital Signature Trust Co., CN = DST Root CA X3 a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256 v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT -Nick --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org