[Interest] SSL & Let's Encrypt certificate expiration
Hamish Moffatt
hamish at risingsoftware.com
Thu Oct 7 00:28:45 CEST 2021
On 7/10/21 02:53, Thiago Macieira wrote:
> On Wednesday, 6 October 2021 02:41:39 PDT Hamish Moffatt via Interest wrote:
>> I upgraded to 1.0.2u and added the X1 root directly to Qt. Now the
>> application works. But the instructions from OpenSSL say to also remove
>> the X3 root which I'm not able to do (it's loaded from Windows), so I am
>> puzzled by why this works. I have not done anything special when
>> generating my certificates like requesting the alternate certificate chain.
> If OpenSSL has any path to a still-valid root certificate, then it can ignore
> the others. That's one way of dealing with expirations: you add a new link in
> the chain that will continue to be valid when the other path(s) aren't.
The OpenSSL blog writes that this unfortunately doesn't happen with
1.0.2 though - it sees the expired root and gives up.
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
Hamish
More information about the Interest
mailing list