Make apt work again by dropping the expired "DST Root CA X3" cert (!82) · Merge requests · infrastructure / tiny-image-recipes

Walter Lozano requested to merge wip/wlozano/certificate-fix into apertis/v2022pre Oct 06, 2021

Remove the expired DST Root CA X3 as it causes issues with old versions of GnuTLS as they validates the full available chain even if one of the intermediate certificates is trusted on its own. This happens in particular with letsencrypt whose intended root certificate is "ISRG Root X1", which itself has been signed by the now expired "DST Root CA X3" certificate.

Signed-off-by: Walter Lozano walter.lozano@collabora.com

Edited Oct 07, 2021 by Walter Lozano

Admin message

Make apt work again by dropping the expired "DST Root CA X3" cert

Merge request reports