search

rapid7 / metasploitable3

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
Other
4.78k stars 1.15k forks source link

remove expired DST root CA #603

Open deargle opened 1 year ago

deargle commented 1 year ago

see https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/:

The currently recommended certificate chain as presented to Let’s Encrypt ACME clients when new certificates are issued contains an intermediate certificate (ISRG Root X1) that is signed by an old DST Root CA X3 certificate that expires on 2021-09-30. In some cases the OpenSSL 1.0.2 version will regard the certificates issued by the Let’s Encrypt CA as having an expired trust chain.

(The Ubuntu VM is on OpenSSL 1.0.1f)

closes #590

deargle commented 1 year ago

I also realized the iptables recipe hadn't been added to the packer chef runlist; this fixed that, too, might as well. It was in the vagrant chef runlist.

e: actually it wasn't necessary to add the iptables recipe, since the recipes that depend on it already include_recipe it. I'll re-remove it.