Zertifikatsproblem

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Zertifikatsproblem

Jochen123
Kann sich da jemand drum kümmern?

====
Date: Wed, 13 Jan 2021 22:53:23 -0800
To: [hidden email]
Subject: SSL Certificate

Hello,

When I went to install JOSM, I got a certificate error trying to connect to
josm.openstreetmap.de. Double checked with this site
<https://www.ionos.com/tools/ssl-checker> and it looks like something might be
configured incorrectly.
====

Jochen
--
Jochen Topf  [hidden email]  https://www.jochentopf.com/  +49-351-31778688

Reply | Threaded
Open this post in threaded view
|

Re: Zertifikatsproblem

Sebastiaan Couwenberg
On 1/14/21 9:13 AM, Jochen Topf wrote:
> When I went to install JOSM, I got a certificate error trying to connect to
> josm.openstreetmap.de. Double checked with this site
> <https://www.ionos.com/tools/ssl-checker> and it looks like something might be
> configured incorrectly.

The intermediate certificate for R3 is missing:

$ openssl s_client -connect josm.openstreetmap.de:443
CONNECTED(00000003)
depth=0 CN = josm.openstreetmap.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = josm.openstreetmap.de
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = josm.openstreetmap.de
verify return:1
---
Certificate chain
 0 s:CN = josm.openstreetmap.de
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
 2 s:O = Digital Signature Trust Co., CN = DST Root CA X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---

See also:

 https://www.ssllabs.com/ssltest/analyze.html?d=josm.openstreetmap.de&s=95.216.72.248&hideResults=on&latest

The Let's Encrypt certificate chain from another site:

 0 s:CN = example.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3

That uses the fullchain.pem created by certbot for the apache
SSLCertificateFile.

Perhaps the apache configuration or LE client needs to be updated.

Kind Regards,

Bas

--
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1