Re: [Blink] Expired certificate for Ubuntu Focal Repository?

Thu, 04 Nov 2021 09:33:45 -0700 

> These certificates shouldn't be connected to the Let's encrypt issue in
> any way...
>
> When running update-ca-certificate, did you get the reply "added 1"?
>
> Make sure that this link is available:
> /etc/ssl/certs/lets-encrypt-r3.pem ->
> /usr/local/share/ca-certificates/lets-encrypt-r3.crt
>
> Maybe try after running `update-ca-certificate -f` ("Fresh updates").
>
> Ahhh wait, I also installed the Trustid X3 from here:
> https://letsencrypt.org/certs/trustid-x3-root.pem.txt - Maybe this
> together with the R3 did do the trick?
>
> According to Let's Encrypt this is the actual DST Root CA X3 certificate.
I tried adding that one too,

        # update-ca-certificates
        Updating certificates in /etc/ssl/certs...
        1 added, 0 removed; done.
        Running hooks in /etc/ca-certificates/update.d...

        Adding debian:trustid-x3-root.pem

but I still get the SSL certificate verification error.

I see a pair of certificates mentioned in the log file, pjsip_trace.txt,
but they are good through 2029-1-24 and 2022-0-17 respectively.  The
error in the log looks like this:


[blink 1001] (1) b'2021-11-04 18:28:27.955      ssl0x7fdb80028320
[SSL_set_tlsext_host_name] server_name:sip2sip.info'
[blink 1001] (1) b'2021-11-04 18:28:28.047        ssl_sock_ossl.c [local
TLS certificate] subject:/C=NL/ST=Noord-Holland/L=Haarlem/O=AG
Projects/OU=Blink/CN=Blink/[email protected] |
issuer:/C=NL/ST=Noord-Holland/L=Haarlem/O=AG
Projects/OU=Development/CN=AG Projects
Development/[email protected] | valid until:2029-1-24'
[blink 1001] (1) b"2021-11-04 18:28:28.047        ssl_sock_ossl.c
[remote TLS certificate] subject:/CN=sip2sip.info | issuer:/C=US/O=Let's
Encrypt/CN=R3 | valid until:2022-0-17 | host:85.17.186.23:50451"
[blink 1001] (4) b'2021-11-04 18:28:28.047        sip_transport.c
Transport tlsc0x7fdb801289a8 shutting down, force=0'
[blink 1001] (3) b'2021-11-04 18:28:28.047     tlsc0x7fdb801289a8 TLS
connect() error: [code=171173] peer: 85.17.186.23: SSL certificate
verification error (PJSIP_TLS_ECERTVERIF)'
[blink 1001] (3) b'2021-11-04 18:28:28.047      tsx0x7fdb800e7bd8 Failed
to send Request msg INVITE/cseq=20872 (tdta0x7fdb800b8558)! err=171173
(SSL certificate verification error (PJSIP_TLS_ECERTVERIF))'
[blink 1001] (5) b'2021-11-04 18:28:28.047      tsx0x7fdb800e7bd8 State
changed from Calling to Terminated, event=TRANSPORT_ERROR'



/Lars
_______________________________________________
Blink mailing list
[email protected]
https://lists.ag-projects.com/mailman/listinfo/blink

Reply via email to