tickets #124457
open2048 bit RSA intermediate at download.opensuse.org
0%
Description
hi,
we received this:
https://bugzilla.suse.com/show_bug.cgi?id=1208210
It seems genuine:
Certificate chain
0 s:CN = opensuse.org
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 9 00:42:31 2023 GMT; NotAfter: Apr 9 00:42:30 2023 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
Can this be fixed?
Ciao, Marcus
Updated by meissner@suse.de almost 2 years ago
Hi,
This seems a letsencrypt side issue, probalby not possible for us to
fix easily.
Ciao, Marcus
On Tue, Feb 14, 2023 at 08:47:43AM +0000, redmine@opensuse.org wrote:
[openSUSE Tracker]
Issue #124457 has been reported by meissner@suse.de.
tickets #124457: 2048 bit RSA intermediate at download.opensuse.org
https://progress.opensuse.org/issues/124457
- Author: meissner@suse.de
- Status: New
- Priority: Normal
- Assignee:
- Category:
* Target version: ¶
hi,
we received this:
https://bugzilla.suse.com/show_bug.cgi?id=1208210It seems genuine:
Certificate chain
0 s:CN = opensuse.org
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 9 00:42:31 2023 GMT; NotAfter: Apr 9 00:42:30 2023 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMTCan this be fixed?
Ciao, Marcus
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://progress.opensuse.org/my/account
--
Marcus Meissner (he/him), Distinguished Engineer / Senior Project Manager Security
SUSE Software Solutions Germany GmbH, Frankenstrasse 146, 90461 Nuernberg, Germany
GF: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman, HRB 36809, AG Nuernberg
Updated by crameleon almost 2 years ago
Most we could do is switch to Let's Encrypt's E1 (ECDSA) intermediate. Then our full chain will be ECDSA. But it's considered "experimental".
Updated by crameleon about 1 year ago
- Assignee set to opensuse-admin-obs
Machine is now managed by the build team, re-assigning to obs-admin.
Updated by darix about 1 year ago
- Status changed from New to Blocked
based on https://letsencrypt.org/certificates/ ... there is no intermediate right now that would fulfill those requirements. so this should be brought up at the LE level