Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

Do you guys know what you're doing, or are you just hacking?


computers / comp.sys.mac.vintage / Adding New Let's Encrypt Certificate for old Mac OS and iOS

SubjectAuthor
* Adding New Let's Encrypt Certificate for old Mac OS and iOSD Finnigan
+- Re: Adding New Let's Encrypt Certificate for old Mac OS and iOSDavid Lesher
`* Re: Adding New Let's Encrypt Certificate for old Mac OS and iOSsuper70s
 `* Re: Adding New Let's Encrypt Certificate for old Mac OS and iOSD Finnigan
  `- Re: Adding New Let's Encrypt Certificate for old Mac OS anddenodster

1
Subject: Adding New Let's Encrypt Certificate for old Mac OS and iOS
From: D Finnigan
Newsgroups: comp.sys.mac.vintage
Organization: Mac GUI
Date: Fri, 1 Oct 2021 02:12 UTC
Path: i2pn2.org!i2pn.org!news.swapon.de!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: dog_...@macgui.com (D Finnigan)
Newsgroups: comp.sys.mac.vintage
Subject: Adding New Let's Encrypt Certificate for old Mac OS and iOS
Date: Fri, 1 Oct 2021 02:12:12 -0000 (UTC)
Organization: Mac GUI
Lines: 20
Message-ID: <dog_cow-1633054331@macgui.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 1 Oct 2021 02:12:12 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="c30a1a908a7f922b2e1e9697573f35c9";
logging-data="875"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+LJoQt/lCGPwjYlVKUOXe6"
User-Agent: Mac GUI Usenet
Cancel-Lock: sha1:ehOjVM/Nf+7SG1gpkSeC09bYXZQ=
View all headers
Today, one of Let's Encrypt's chain-of-trust certificates expired. This
caused some of my older Apple devices to give a certificate warning when
trying to access some web sites.

The fix is simple: you just need to add the new Let's Encrypt certificate to
the certificate trust store in iOS. The new certificate that you need to add
is called ISRG Root X1. You can get the PEM file here:
https://letsencrypt.org/certs/isrgrootx1.pem

If your machine can't access the Let's Encrypt web site because it doesn't
support newer versions of TLS, then you need to download the PEM file on a
newer computer, then put it on a web server that supports plain HTTP or an
older TLS version, and download from there. I'm sure most people reading
this newsgroup know how to set up a local web server at home to do this.

--
]DF$
The New Apple II User's Guide:
https://macgui.com/newa2guide/



Subject: Re: Adding New Let's Encrypt Certificate for old Mac OS and iOS
From: David Lesher
Newsgroups: comp.sys.mac.vintage
Organization: NRK Clinic for habitual NetNews Abusers - Beltway Annex
Date: Sun, 3 Oct 2021 20:23 UTC
References: 1
Path: rocksolid2!i2pn.org!weretis.net!feeder6.news.weretis.net!panix!.POSTED.panix5.panix.com!wb8foz
From: wb8...@panix.com (David Lesher)
Newsgroups: comp.sys.mac.vintage
Subject: Re: Adding New Let's Encrypt Certificate for old Mac OS and iOS
Date: Sun, 3 Oct 2021 20:23:07 -0000 (UTC)
Organization: NRK Clinic for habitual NetNews Abusers - Beltway Annex
Message-ID: <sjd3fb$qj8$1@reader1.panix.com>
References: <dog_cow-1633054331@macgui.com>
Injection-Date: Sun, 3 Oct 2021 20:23:07 -0000 (UTC)
Injection-Info: reader1.panix.com; posting-host="panix5.panix.com:166.84.1.5";
logging-data="27240"; mail-complaints-to="abuse@panix.com"
User-Agent: nn/6.7.3
View all headers
D Finnigan <dog_cow@macgui.com> writes:


The fix is simple: you just need to add the new Let's Encrypt certificate to
the certificate trust store in iOS. The new certificate that you need to add
is called ISRG Root X1. You can get the PEM file here:
https://letsencrypt.org/certs/isrgrootx1.pem

Thanks for the details and URL.

I saw https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
but your cite helped.

Note I had to delete an old X3 before I could install a new one, and Firefox
does not use the OSX Keychain.

--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close..........................
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433


Subject: Re: Adding New Let's Encrypt Certificate for old Mac OS and iOS
From: super70s
Newsgroups: comp.sys.mac.vintage, comp.sys.mac.system
Organization: A noiseless patient Spider
Date: Wed, 13 Oct 2021 22:42 UTC
References: 1
Path: rocksolid2!news.neodome.net!news.mixmin.net!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: super...@super70s.invalid (super70s)
Newsgroups: comp.sys.mac.vintage,comp.sys.mac.system
Subject: Re: Adding New Let's Encrypt Certificate for old Mac OS and iOS
Date: Wed, 13 Oct 2021 17:42:12 -0500
Organization: A noiseless patient Spider
Lines: 29
Message-ID: <super70s-3C3B42.17421213102021@reader02.eternal-september.org>
References: <dog_cow-1633054331@macgui.com>
Injection-Info: reader02.eternal-september.org; posting-host="4af2fac26fc11b2d694469e58649a9b2";
logging-data="12255"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18ISUBjHEIICT8ewtKuSL809FyJnqghV0U="
User-Agent: MT-NewsWatcher/3.5.3b3 (PPC Mac OS X)
Cancel-Lock: sha1:0JfaIeQvdYaYJBAHxn0qvCl16E4=
X-No-Archive: yes
View all headers
In article <dog_cow-1633054331@macgui.com>,
 D Finnigan <dog_cow@macgui.com> wrote:

Today, one of Let's Encrypt's chain-of-trust certificates expired. This
caused some of my older Apple devices to give a certificate warning when
trying to access some web sites.

The fix is simple: you just need to add the new Let's Encrypt certificate to
the certificate trust store in iOS. The new certificate that you need to add
is called ISRG Root X1. You can get the PEM file here:
https://letsencrypt.org/certs/isrgrootx1.pem

If your machine can't access the Let's Encrypt web site because it doesn't
support newer versions of TLS, then you need to download the PEM file on a
newer computer, then put it on a web server that supports plain HTTP or an
older TLS version, and download from there. I'm sure most people reading
this newsgroup know how to set up a local web server at home to do this.

I didn't have a browser problem but both my Tenfourbird mail app on my
Power Mac G4 running 10.4 and Apple Mail app on my 2009 iMac running
10.11 quit connecting last week. I called my ISP who were clueless
("we'd be getting a lot of calls about this if our mail server was
down") but I finally figured it out after a little web searching and
installed the new certificate on both machines. Both mail accounts
started working normally.

Something strange though, the new certificate says it will expire in
Nov. 2021 but I'm not sure if it will or not. Guess I'll find out in
November.


Subject: Re: Adding New Let's Encrypt Certificate for old Mac OS and iOS
From: D Finnigan
Newsgroups: comp.sys.mac.vintage
Organization: Mac GUI
Date: Thu, 14 Oct 2021 00:09 UTC
References: 1 2
Path: rocksolid2!news.neodome.net!news.mixmin.net!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: dog_...@macgui.com (D Finnigan)
Newsgroups: comp.sys.mac.vintage
Subject: Re: Adding New Let's Encrypt Certificate for old Mac OS and iOS
Date: Thu, 14 Oct 2021 00:09:30 -0000 (UTC)
Organization: Mac GUI
Lines: 24
Message-ID: <dog_cow-1634170169@macgui.com>
References: <dog_cow-1633054331@macgui.com> <super70s-3C3B42.17421213102021@reader02.eternal-september.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 14 Oct 2021 00:09:30 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="410f7cbbe34c2bec7352c61440caa8af";
logging-data="10873"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19inTwJ40x8P9wrtpSK6FYl"
User-Agent: Mac GUI Usenet
Cancel-Lock: sha1:ei3lP5Ufw1a3D+ExYxO9H8xfJzQ=
In-Reply-To: <super70s-3C3B42.17421213102021@reader02.eternal-september.org>
View all headers
super70s wrote:

I didn't have a browser problem but both my Tenfourbird mail app on my
Power Mac G4 running 10.4 and Apple Mail app on my 2009 iMac running
10.11 quit connecting last week.

Yeah, any service (not just browsers) that is using a certificate from Let's
Encrypt will need to be updated on older computer systems.


Something strange though, the new certificate says it will expire in
Nov. 2021 but I'm not sure if it will or not. Guess I'll find out in
November.

You might be looking at the expiration date of the "leaf" certificate, and
not the higher-up root certificate ISRG Root X1. This one should expire over
a decade from now.


--
]DF$
The New Apple II User's Guide:
https://macgui.com/newa2guide/



Subject: Re: Adding New Let's Encrypt Certificate for old Mac OS and iOS
From: denodster
Newsgroups: comp.sys.mac.vintage
Organization: A noiseless patient Spider
Date: Sat, 6 Nov 2021 04:16 UTC
References: 1
Path: i2pn2.org!rocksolid2!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: denods...@gmail.com (denodster)
Newsgroups: comp.sys.mac.vintage
Subject: Re: Adding New Let's Encrypt Certificate for old Mac OS and
iOS
Date: Sat, 6 Nov 2021 04:16:31 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 6
Sender: denodster@0.0.0.0
Message-ID: <sm4viu$nbh$1@dont-email.me>
References: <dog_cow-1633054331@macgui.com>
<super70s-3C3B42.17421213102021@reader02.eternal-september.org>
<dog_cow-1634170169@macgui.com>
Injection-Date: Sat, 6 Nov 2021 04:16:31 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="0752a76bd9e1187c3d04e3af34605ddc";
logging-data="23921"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18Fqv5H/7kR2CywEqJqLASglFL36hr0RsA="
Cancel-Lock: sha1:O/izVNEgT/9+wYZMdrBYUmEQ7eo=
X-Authenticated: denodster on INN host 0.0.0.0
X-Posted-From: InterNews 1.1@192.168.2.86
View all headers
Had a customer write in to our support email with this last week. We
were quite confused at first as we didn't have any other users that
seemed to be having issue with our site. It turned out she was using a
mac from several years back and running 10.11. Our solution ended up
being to ask her to try firefox, which solved the issue for her enough
to allow her to use our service.


1
rocksolid light 0.7.2
clearneti2ptor