Closed rkoopmans closed 3 years ago
Letsencrypt intermediate is cross signed and both root CA's are in the bundle but openssl < 1.1.0 will fail to validate the chain.
We remove the DST root for compatibility with LTS systems that use older software.
cabundle.pem contains: SHA256 Fingerprint=96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 issuer=C = US, O = Internet Security Research Group, CN = ISRG Root X1 subject=C = US, O = Internet Security Research Group, CN = ISRG Root X1 notBefore=Jun 4 11:04:38 2015 GMT notAfter=Jun 4 11:04:38 2035 GMT serial=8210CFB0D240E3594463E0BB63828B00
cabundle.pem removes: SHA256 Fingerprint=06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39 issuer=O = Digital Signature Trust Co., CN = DST Root CA X3 subject=O = Digital Signature Trust Co., CN = DST Root CA X3 notBefore=Sep 30 21:12:19 2000 GMT notAfter=Sep 30 14:01:15 2021 GMT serial=44AFB080D6A327BA893039862EF8406B
Letsencrypt intermediate is cross signed and both root CA's are in the bundle but openssl < 1.1.0 will fail to validate the chain.
We remove the DST root for compatibility with LTS systems that use older software.
cabundle.pem contains: SHA256 Fingerprint=96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 issuer=C = US, O = Internet Security Research Group, CN = ISRG Root X1 subject=C = US, O = Internet Security Research Group, CN = ISRG Root X1 notBefore=Jun 4 11:04:38 2015 GMT notAfter=Jun 4 11:04:38 2035 GMT serial=8210CFB0D240E3594463E0BB63828B00
cabundle.pem removes: SHA256 Fingerprint=06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39 issuer=O = Digital Signature Trust Co., CN = DST Root CA X3 subject=O = Digital Signature Trust Co., CN = DST Root CA X3 notBefore=Sep 30 21:12:19 2000 GMT notAfter=Sep 30 14:01:15 2021 GMT serial=44AFB080D6A327BA893039862EF8406B