tickets #124457
open2048 bit RSA intermediate at download.opensuse.org
0%
Description
hi,
we received this:
https://bugzilla.suse.com/show_bug.cgi?id=1208210
It seems genuine:
Certificate chain
0 s:CN = opensuse.org
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 9 00:42:31 2023 GMT; NotAfter: Apr 9 00:42:30 2023 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
Can this be fixed?
Ciao, Marcus
Updated by meissner@suse.de about 2 years ago
Hi,
This seems a letsencrypt side issue, probalby not possible for us to
fix easily.
Ciao, Marcus
On Tue, Feb 14, 2023 at 08:47:43AM +0000, redmine@opensuse.org wrote:
[openSUSE Tracker]
Issue #124457 has been reported by meissner@suse.de.
tickets #124457: 2048 bit RSA intermediate at download.opensuse.org
https://progress.opensuse.org/issues/124457
- Author: meissner@suse.de
- Status: New
- Priority: Normal
- Assignee:
- Category:
* Target version: ¶
hi,
we received this:
https://bugzilla.suse.com/show_bug.cgi?id=1208210It seems genuine:
Certificate chain
0 s:CN = opensuse.org
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 9 00:42:31 2023 GMT; NotAfter: Apr 9 00:42:30 2023 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMTCan this be fixed?
Ciao, Marcus
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://progress.opensuse.org/my/account
--
Marcus Meissner (he/him), Distinguished Engineer / Senior Project Manager Security
SUSE Software Solutions Germany GmbH, Frankenstrasse 146, 90461 Nuernberg, Germany
GF: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman, HRB 36809, AG Nuernberg
Updated by crameleon about 2 years ago
Most we could do is switch to Let's Encrypt's E1 (ECDSA) intermediate. Then our full chain will be ECDSA. But it's considered "experimental".
Updated by crameleon over 1 year ago
- Assignee set to opensuse-admin-obs
Machine is now managed by the build team, re-assigning to obs-admin.
Updated by darix over 1 year ago
- Status changed from New to Blocked
based on https://letsencrypt.org/certificates/ ... there is no intermediate right now that would fulfill those requirements. so this should be brought up at the LE level
Updated by darix about 1 month ago
here is the thing. dehydrated (which is the tool we use to manage the cert) grabs the intermediate from LE when it gets the certs. so we grab the intermediate that LE offers us in the process.