Thread 'Update IdenTrust DST Root CA X3 certificate on older FreeBSD'

Questions and Answers : Unix/Linux : Update IdenTrust DST Root CA X3 certificate on older FreeBSD
Message board moderation

To post messages, you must log in.

AuthorMessage
Demis

Send message
Joined: 7 Nov 17
Posts: 29
Credit: 13,770,308
RAC: 278
Message 3085 - Posted: 5 Oct 2021, 11:11:13 UTC

IdenTrust DST Root CA X3 certificate, is expired 30.09.2021.

For older systems FreeBSD (eg 10) is no longer supported.
Dirty method for renewing certificates.

1. Download from site
https://curl.se/ca/cacert.pem
https://curl.se/docs/caextract.html
on over other computer.

2. Move cacert.pem to your computer
3. cp -p cacert.pem cacert.crt
4. cp -p cacert.crt ca-root-nss.crt
5. cp -p /usr/local/share/certs/ca-root-nss.crt /usr/local/share/certs/ca-root-nss-old1.crt
(make copy old file)
6. cp -p ca-root-nss.crt /usr/local/share/certs/
7. Restart your computer
8. If file ca-root-nss.crt exists in other place - update then his...

If you additionally use your own valid "Class 1" certificates, do not forget to connect them too.

For supported FreeBSD systems (e.g. 11, 12, 13).
Just update the ports and reinstall the ca_root_nss port ( /usr/ports/security/ca_root_nss ).

Info: https://scotthelme.co.uk/lets-encrypt-old-root-expiration/
ID: 3085 · Rating: 0 · rate: Rate + / Rate - Report as offensive     Reply Quote

Questions and Answers : Unix/Linux : Update IdenTrust DST Root CA X3 certificate on older FreeBSD

©2024 ©2024 Progger & Stefano Tognon (ice00) & Reese