openSUSE admin

Hi,

This seems a letsencrypt side issue, probalby not possible for us to
fix easily.

Ciao, Marcus
On Tue, Feb 14, 2023 at 08:47:43AM +0000, redmine@opensuse.org wrote:

[openSUSE Tracker]
Issue #124457 has been reported by meissner@suse.de.

---

tickets #124457: 2048 bit RSA intermediate at download.opensuse.org
https://progress.opensuse.org/issues/124457

• Author: meissner@suse.de
• Status: New
• Priority: Normal
• Assignee:
• Category:

* Target version: ¶

hi,

we received this:
https://bugzilla.suse.com/show_bug.cgi?id=1208210

It seems genuine:

Certificate chain
0 s:CN = opensuse.org
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 9 00:42:31 2023 GMT; NotAfter: Apr 9 00:42:30 2023 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT

Can this be fixed?

Ciao, Marcus

--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://progress.opensuse.org/my/account

--
Marcus Meissner (he/him), Distinguished Engineer / Senior Project Manager Security
SUSE Software Solutions Germany GmbH, Frankenstrasse 146, 90461 Nuernberg, Germany
GF: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman, HRB 36809, AG Nuernberg

Most we could do is switch to Let's Encrypt's E1 (ECDSA) intermediate. Then our full chain will be ECDSA. But it's considered "experimental".