SKGleba / iTLS-Enso

Adds TLS v1.2 to Enso enabled devices

Update certs.cer - 2022 certs also double the amount #27

Closed olokos closed 1 year ago

olokos commented 2 years ago

I'm not sure if it's any issue at all being twice the size of the original list of certificates, but this would bring the certificates up-to-date and possibly allow accessing more websites/services.

olokos commented 2 years ago

I have done something wrong here with eeb18b9ade403bee5e1116f3b1f0a05efa7f32e3, can't access psstore with file generated with that version certs.log. Here's the certs.cer from latest commit

olokos commented 2 years ago

Now every possible website I can think of and test that works over https works, while iTLS 3.2 certs are prioritized first, so ps store and all other sony services work well. I could not see any difference in full console reboot time or anything else.

SKGleba commented 2 years ago

3.74 also added certs that should fix all current site issues, will see

olokos commented 2 years ago

https://curl.se/docs/caextract.html

Above is the source of the certificates I have added below the Original Sony Certificates. I couldn't find a better source of certificates.

Additionally, the certificates on top have priority over those on the bottom, knowing that, the structure of the new certificate file consists of:

1. Original OFW Certificate
2. Mozilla certificates

Thanks to this approach, we avoid any potential issues caused by wrong priority of SSL Certs.

As for replacing IdenTrust DST Root CA X3 with IdenTrust Commercial Root CA 1

More details can be found in a link below, this is the way to go basically, old websites work fine, modern will also load no problem. https://www.identrust.com/support/downloads
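The ordering described in the comment above (firmware certificates first, Mozilla certificates after) can be reproduced with a merge that also drops certificates appearing in both sources. This is an added example, not code from this pull request or from iTLS-Enso; it assumes both inputs are PEM bundles, the function names are hypothetical, and the sample data is constructed placeholder bytes rather than real certificates.

```python
import base64
import hashlib
import re

# Matches one PEM certificate; text between entries (names, comments) is ignored.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def pem_blocks(text):
    """Yield the DER bytes of each certificate in a PEM bundle, in file order."""
    for match in PEM_RE.finditer(text):
        yield base64.b64decode("".join(match.group(1).split()), validate=True)

def to_pem(der):
    """Re-encode DER bytes as a PEM block with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

def merge_bundles(primary, secondary):
    """Return (merged_pem, dropped). Primary entries keep their position at the
    top; secondary entries follow unless their SHA-256 over DER was already seen."""
    seen, merged, dropped = set(), [], []
    for source, text in (("primary", primary), ("secondary", secondary)):
        for der in pem_blocks(text):
            fingerprint = hashlib.sha256(der).hexdigest()
            if fingerprint in seen:
                dropped.append((source, fingerprint))
                continue
            seen.add(fingerprint)
            merged.append(der)
    return "".join(to_pem(der) for der in merged), dropped

def fake_cert(label):
    """Constructed stand-in for a certificate: placeholder bytes, not X.509."""
    return to_pem(label.encode("ascii") * 8)

# Constructed sample bundles; "firmware-root-B" appears in both on purpose.
FIRMWARE = fake_cert("firmware-root-A") + fake_cert("firmware-root-B")
MOZILLA = ("Example Root 1\n==============\n" + fake_cert("mozilla-root-1")
           + fake_cert("firmware-root-B") + fake_cert("mozilla-root-2"))

if __name__ == "__main__":
    merged_pem, dropped = merge_bundles(FIRMWARE, MOZILLA)
    print(f"{len(list(pem_blocks(merged_pem)))} certificates kept")
    for source, fingerprint in dropped:
        print(f"dropped duplicate from {source}: {fingerprint[:16]}")
```
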

ticky commented 1 year ago

Awesome! I had trouble building iTLS-Enso myself with the right flags to have write access, so I (ab)used the fact that the app is installed on the regular file system under ux0:app to replace the cert file with this updated version, and that's fixed some sites for me. Would love a maintenance release with the newer certificates! 😃

olokos commented 1 year ago

I personally just used vitaRW homebrew, I think one of the Vita homebrew downloader applications had a binary that allows write access to all Vita partitions, and then using ftp I copied the updated certs from my PC to vita and then vitashell to copy the certs from ux0:/ to vs0:/data/external/cert/CA_LIST.cer

Well, actually I very often used ftp to upload it straight to vs0:/ when working on this, but I wouldn't recommend others to do the same, above approach is preferred if you want to try it yourself before a new build is up.

SKGleba commented 1 year ago

is it still valid? i have a time slot in the next few days to update itls

olokos commented 1 year ago

Yes, it is the most up-to-date and complete version. I suppose it's still years before certificates need any new update again.

Thanks for making the new release! :)