infra-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anton Kedin (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (INFRA-18800) dist.apache.org is missing an intermediate certificate
Date Thu, 25 Jul 2019 20:09:00 GMT

     [ https://issues.apache.org/jira/browse/INFRA-18800?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Anton Kedin updated INFRA-18800:
--------------------------------
    Description: 
Seems like an intermediate cert is not sent by dist.apache.org and since it was updated recently
the old boxes don't have it. Causes issues like this: https://issues.apache.org/jira/browse/BEAM-7821


Trying to wget something:

```
--2019-07-25 18:28:31--  https://dist.apache.org/repos/dist/dev/beam/2.14.0/python/apache-beam-2.14.0.zip

Resolving dist.apache.org... 209.188.14.144

Connecting to dist.apache.org|209.188.14.144|:443... connected.

ERROR: cannot verify dist.apache.org's certificate, issued by ‘CN=Sectigo RSA Domain
Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB’:

  Unable to locally verify the issuer's authority.

To connect to dist.apache.org insecurely, use `--no-check-certificate'.
```

Cert details: https://www.ssllabs.com/ssltest/analyze.html?d=dist.apache.org

dist.apache.org needs to be updated to send the intermediate certificate as well

  was:
Seems like an intermediate cert is not sent by dist.apache.org and since it was updated recently
the old boxes don't have it see issues like this: https://issues.apache.org/jira/browse/BEAM-7821


Trying to wget something:

```
--2019-07-25 18:28:31--  https://dist.apache.org/repos/dist/dev/beam/2.14.0/python/apache-beam-2.14.0.zip

Resolving dist.apache.org... 209.188.14.144

Connecting to dist.apache.org|209.188.14.144|:443... connected.

ERROR: cannot verify dist.apache.org's certificate, issued by ‘CN=Sectigo RSA Domain
Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB’:

  Unable to locally verify the issuer's authority.

To connect to dist.apache.org insecurely, use `--no-check-certificate'.
```

Cert details: https://www.ssllabs.com/ssltest/analyze.html?d=dist.apache.org

dist.apache.org needs to be updated to send the intermediate certificate as well


> dist.apache.org is missing an intermediate certificate
> ------------------------------------------------------
>
>                 Key: INFRA-18800
>                 URL: https://issues.apache.org/jira/browse/INFRA-18800
>             Project: Infrastructure
>          Issue Type: Bug
>          Components: HTTP Server
>            Reporter: Anton Kedin
>            Priority: Major
>         Attachments: dist_apache_org_intermediate_cert.png
>
>
> Seems like an intermediate cert is not sent by dist.apache.org and since it was updated
recently the old boxes don't have it. Causes issues like this: https://issues.apache.org/jira/browse/BEAM-7821

> Trying to wget something:
> ```
> --2019-07-25 18:28:31--  https://dist.apache.org/repos/dist/dev/beam/2.14.0/python/apache-beam-2.14.0.zip
> Resolving dist.apache.org... 209.188.14.144
> Connecting to dist.apache.org|209.188.14.144|:443... connected.
> ERROR: cannot verify dist.apache.org's certificate, issued by ‘CN=Sectigo RSA Domain
Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB’:
>   Unable to locally verify the issuer's authority.
> To connect to dist.apache.org insecurely, use `--no-check-certificate'.
> ```
> Cert details: https://www.ssllabs.com/ssltest/analyze.html?d=dist.apache.org
> dist.apache.org needs to be updated to send the intermediate certificate as well



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

Mime
View raw message