Date: Tue, 26 Mar 2019 15:10:05 +0000 From: Lorenzo Salvadore <phascolarctos@protonmail.ch> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: security/ca_root_nss missing Let's Encrypt X3 certificate Message-ID: <B8Wa10TGEw-pmRp3BoVybt_u-TnD3Eho4S5tjCgqvvAvmyu5xscJqrXup0JpMj-uRJqRqhgHdNHuVq4HcZkazzP8VuBVPh9FYzFsebrshwU=@protonmail.ch> In-Reply-To: <2ed32cc3-ab80-7a0c-58c2-152bee067f7a@netfence.it> References: <d81ae160-44c1-693d-f97b-abb1830b0c48@netfence.it> <20190326.195821.2023506369953085466.yasu@utahime.org> <2ed32cc3-ab80-7a0c-58c2-152bee067f7a@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Original Me= ssage =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 On Tuesday 26 March 2019 14:45, Andrea Venturoli <ml@netfence.it> wrote: > On 3/26/19 11:58 AM, Yasuhiro KIMURA wrote: > > > What server application you use? > > I use Let's Encrypt certificates in Apache's HTTPd, sendmail, > cyrus-imap, etc... > However, this is not relevant here: I'm talking about FreeBSD as a > client and not necessarily connecting to "my" servers. > > > Let's Encrypt Authority X3 is signed by DST Root CA X3. > > Ok. > > > And DST Root CA X3 is included in security/ca_root_nss. > > Right again: I did not notice this. > > > So if you configured server application > > properly it should be able to use server sertificates issued by Let's > > Encrypt. > > Again, it's not a server problem, but rather a client program. > > It works now, even if I didn't change anything!!! > I don't know what happened really... several sites were not working, but > they are reachable again. > > Thanks anyway and sorry for the noise! > > bye > av. I sometimes experienced similar strange behaviors with certificates. I do not know very well how certificates work, but I think time is a factor and if responses arrive too late the certificate is not correctly recognize= d (please, be patient if I'm wrong, my knowledge on the topic is vague). I notice that we are both from Italy: I wonder if the problem is that our connections sometimes are too slow to have certificates work correctly. Lorenzo Salvadore.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B8Wa10TGEw-pmRp3BoVybt_u-TnD3Eho4S5tjCgqvvAvmyu5xscJqrXup0JpMj-uRJqRqhgHdNHuVq4HcZkazzP8VuBVPh9FYzFsebrshwU=>