[Interest] SSL & Let's Encrypt certificate expiration

Hamish Moffatt hamish at risingsoftware.com
Wed Oct 6 02:03:43 CEST 2021


On 6/10/21 06:13, Thiago Macieira wrote:
> On Tuesday, 5 October 2021 11:45:23 PDT Christophe Thomas wrote:
>> For the cert chain we are currently using the default LE setting so we
>> currently provide the X1 Cross signed with expired X3.
>>
>> Nevertheless, the issue is that strangely we need to force caCertificate load
>> in order to have the connection accepted.
> In the client's system, is the ISRG Root X1 certificate present? Can you check
> with plain openssl s_client command to see if the problem is OpenSSL?
>

We have had some difficulty here with Windows 10's "lazy loading" of the 
root certificates. Unless users have been to a site that uses the ISRG 
X1 root certificate using Chrome or Edge, they do not have this 
certificate and it is not available to Qt. As soon as they visit a site 
that uses the new root in Chrome or Edge, Windows loads the certificate 
and it works in Qt.



Hamish
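
A check for the condition described in this message, as an added example that is not part of the original post: it reports whether ISRG Root X1 is currently present in the Windows root stores that a client would draw on. The list of store paths and the match on the subject common name are assumptions of this example.

```powershell
# Added example (not from the original thread).
# Reports whether ISRG Root X1 has been loaded into the local Windows
# certificate stores. With lazy loading it can be absent until something
# on the machine has validated a chain ending in that root.
# Assumption: the root is identified by its subject common name.
$stores = 'Cert:\LocalMachine\Root',
          'Cert:\LocalMachine\AuthRoot',
          'Cert:\CurrentUser\Root'

$found = foreach ($store in $stores) {
    # A store that does not exist on this machine is skipped silently.
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like '*CN=ISRG Root X1*' } |
        Select-Object @{ Name = 'Store'; Expression = { $store } },
                      Subject, Thumbprint, NotAfter
}

if ($found) {
    # Present: show where it lives and when it expires.
    $found | Format-Table -AutoSize
} else {
    Write-Output 'ISRG Root X1 is not present in any of the checked stores.'
}
```

Running it before and after the machine has visited a site that chains to ISRG Root X1 shows whether the store contents changed.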


