infra-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Pilloud (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (INFRA-18800) dist.apache.org is missing an intermediate certificate
Date Thu, 08 Aug 2019 16:46:00 GMT

    [ https://issues.apache.org/jira/browse/INFRA-18800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16903135#comment-16903135
] 

Andrew Pilloud commented on INFRA-18800:
----------------------------------------

Per the ssl labs test, cwiki.apache.org is also missing the intermediate required for the
old SHA1 root:
https://www.ssllabs.com/ssltest/analyze.html?d=cwiki.apache.org

> dist.apache.org is missing an intermediate certificate
> ------------------------------------------------------
>
>                 Key: INFRA-18800
>                 URL: https://issues.apache.org/jira/browse/INFRA-18800
>             Project: Infrastructure
>          Issue Type: Bug
>          Components: HTTP Server
>            Reporter: Anton Kedin
>            Assignee: John Andrunas
>            Priority: Major
>         Attachments: dist_apache_org_intermediate_cert.png
>
>
> Seems like an intermediate cert is not sent by dist.apache.org and since it was updated
recently the old boxes don't have it. Causes issues like this: https://issues.apache.org/jira/browse/BEAM-7821

> Trying to wget something:
> ```
> --2019-07-25 18:28:31--  https://dist.apache.org/repos/dist/dev/beam/2.14.0/python/apache-beam-2.14.0.zip
> Resolving dist.apache.org... 209.188.14.144
> Connecting to dist.apache.org|209.188.14.144|:443... connected.
> ERROR: cannot verify dist.apache.org's certificate, issued by ‘CN=Sectigo RSA Domain
Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB’:
>   Unable to locally verify the issuer's authority.
> To connect to dist.apache.org insecurely, use `--no-check-certificate'.
> ```
> Cert details: https://www.ssllabs.com/ssltest/analyze.html?d=dist.apache.org
> dist.apache.org needs to be updated to send the intermediate certificate as well



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

Mime
View raw message