|
- Where is ISRG Root X1 certificate on Windows 10?
However I found out if you access your certificates by doing a windows search for "Internet Properties", then clicking on the "Trusted Root Certification Authorities" tab, you will find ISRG Root X1 there Compare it to what you see in certmgr msc, and you will find out that there is obviously and issue
- Why openssl verify does not work for the certificate chain of a . . .
Subject: C = US, O = Internet Security Research Group, CN = ISRG Root X1 Issuer: O = Digital Signature Trust Co , CN = DST Root CA X3 But in order to use an intermediate certificate instead of a root certificate (self-signed, issuer and subject are the same) one need to use the -partial_chain option for openssl verify
- certificates - Openssl and Lets Encrypt Cert Chain - Information . . .
The cert returned from openssl didn't fix the issue and I eventually added the Self-Signed ISRG Root and everything started working I also tried adding the -trusted_first option to my openssl command but that displays the same certs
- tls - How to set modify positive trust attributes in a certificate . . .
Yes it was contradicting to state that "openssl's documentation there is no information" about this topic while my answer pointed to the information (coming from openssl's documentation) which describes how to set trust attributes After setting the trust attribute I was able to connect using openssl s_client (see my updated answer)
- What is the difference between a Self-signed root certificate and a . . .
Yes, root certificates are always self-signed and self-issued A great example of this is Let's Encrypt's root certificates They are cross certified by IdenTrust Those are not root certificates Only IdenTrust and ISRG Root X1 are root (there is also ISRG Root X1 signed by DST Root CA X3, DST Root CA X3 has expired after 30th September 2021 14 UTC) But, after AddTrust "suddenly" expired
- NordVPN Couldnt Estabish a Secure Connection - ISRG Root X2
ISRG is the entity who runs LetsEncrypt and "ISRG Root X2" is the LetsEncrypt CA that anchors ECC certs But ISRG X2 is fairly recently created and not yet widely trusted -- it apparently is not in the truststore of whatever you are running -- and as that diagram shows servers are supposed to not use X2's own root cert but instead a 'bridge' cert for X2 cross-signed by X1 which IS now widely
- How to specifiy -CAPath using OpenSSL in windows to perform TLS . . .
Win+R > certmgr opens the program, and then Certificates - Local Computer > Trusted Root Certification Authorities > Certificates opens the list From there select the appropriate Certificate Authority (as an example, if you're authenticating against LetsEncrypt Certbot, the CA in 2021 is "ISRG Root X1")
- Firewall is blocking OCSP (Online Certificate Status Protocol) check
1 It appears that the reason TLS failed is that the machine was an older Windows machine that did not have the latest ISRG Root X1 certificate for lets encrypt After installing it the connection started working The connectivity issue is still relevant though, and thanks to @dave_thompson_085 we figured out that this was an OCSP call that failed
|
|
|