Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-20366

issues.apache.org: Please update certificate chain

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Resolved
    • Fix Version/s: None
    • Component/s: Bugzilla, JIRA
    • Labels:
      None
    • Project:
      Infrastructure

      Description

      Hello, it appears issues.apache.org is still pined to the expired AddTrust certificate which expired 5/30/2020:
      {code}
      cwb@precise:~$ openssl s_client -showcerts -connect issues.apache.org:443 | awk 'BEGIN{RS="-----END CERTIFICATE-----"} /AddTrust/{print $0 RS}' | openssl x509 -noout -dates
      depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
      verify return:1
      depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
      verify return:1
      depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.apache.org
      verify return:1

      notBefore=May 30 10:48:38 2000 GMT
      notAfter=May 30 10:48:38 2020 GMT
      {code}

      This can also be seen at:
      https://www.ssllabs.com/ssltest/analyze.html?d=issues.apache.org&s=188.40.67.172&latest

      This is causing OCSP validation failures for those of us behind OCSP verifying corporate proxies.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                clayb Clay B.
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: