[Interest] SSL & Let's Encrypt certificate expiration
Hamish Moffatt
hamish at risingsoftware.com
Wed Oct 6 02:03:43 CEST 2021
On 6/10/21 06:13, Thiago Macieira wrote:
> On Tuesday, 5 October 2021 11:45:23 PDT Christophe Thomas wrote:
>> For the cert chain we are currently using the default LE setting so we
>> currently provide the X1 Cross signed with expired X3.
>>
>> Netherless, the issue is that strangely we need to force caCertificate load
>> in order to have the connexion accepted.
> In the client's system, is the ISRG Root X1 certificate present? Can you check
> with plain openssl s_client command to see if the problem is OpenSSL?
>
We have had some difficulty here with Windows 10's "lazy loading" of the
root certificates. Unless users have been to a site that uses the ISRG
X1 root certificate using Chrome or Edge, they do not have this
certificate and it is not available to Qt. As soon as they visit a site
that uses the new root in Chrome or Edge, Windows loads the certificate
and it works in Qt.
Hamish
More information about the Interest
mailing list