<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Here we had problems with clients using an Auerswald PBX showing
the following error message:</p>
<p>503: Certificate Validation Failure<br>
SSL-Error 10: certificate has expired, depth=3 /O=Digital
Signature Trust Co./CN=DST Root CA X3 )<br>
</p>
<p>Regards,<br>
Matthias</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 08.10.21 19:49, Sergiu Pojoga wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAJZsGCnVjy3N3Y0qRChFWyL-tE52WOQ3OQY0=p7bo8zt=WtriA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Like our comrades at APIBAN. Had to patch the CA
list on older linux distros to get this restarted.
<div><br>
</div>
<div>Oct 8 10:20:21 kamailio[8476]: WARNING: http_client
[functions.c:308]: curL_request_url(): TLS server certificate
validation error (No valid CA cert) (url: <a
href="https://apiban.org/api/.." target="_blank"
moz-do-not-send="true">https://apiban.org/api/..</a>.)<br>
</div>
<div><br>
</div>
<div>@Fred, all good out there bud? lol<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Oct 8, 2021 at 12:30
PM Maxim Sobolev <<a href="mailto:sobomax@sippysoft.com"
target="_blank" moz-do-not-send="true">sobomax@sippysoft.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="auto">
<div>Some of our internal API have started to fail and most
of software update routines jammed up as a result until we
figured out how to cope with that issue.
<div dir="auto"><br>
</div>
<div dir="auto">Not the first one and certainly not the
last. In general PKI/TLS is by design prone to issues
like this and I am sad industry has not come up with
anything better yet to communicate over insecure
channels. :( Noise protocol certainly holds lots of
potential in my view but mills of IETF mill slowly, so
we are going to be suffering for many years to come I am
afraid.</div>
<div dir="auto"><br>
</div>
<div dir="auto">-Max</div>
<br>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri., Oct. 8, 2021,
8:23 a.m. Henning Westerholt, <<a
href="mailto:hw@skalatan.de" target="_blank"
moz-do-not-send="true">hw@skalatan.de</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div lang="DE">
<div>
<p class="MsoNormal"><span lang="EN-GB">Hello,</span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
<p class="MsoNormal"><span lang="EN-GB">in total
we had three customer incidents (two server
related, one client related) because of this,
one of them was a major incident.</span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
<p class="MsoNormal"><span lang="EN-GB">Cheers,</span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
<p class="MsoNormal"><span lang="EN-GB">Henning</span></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span lang="EN-GB">-- </span></p>
<p class="MsoNormal"><span lang="EN-GB">Henning
Westerholt –
</span><span><a href="https://skalatan.de/blog/"
rel="noreferrer" target="_blank"
moz-do-not-send="true"><span
style="color:rgb(5,99,193)" lang="EN-GB">https://skalatan.de/blog/</span></a></span><span
lang="EN-GB"></span></p>
<p class="MsoNormal"><span lang="EN-GB">Kamailio
services –
</span><span><a href="https://gilawa.com/"
rel="noreferrer" target="_blank"
moz-do-not-send="true"><span
style="color:rgb(5,99,193)" lang="EN-GB">https://gilawa.com</span></a></span><span
lang="EN-GB"></span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
<p class="MsoNormal"><span lang="EN-GB"> </span></p>
<div
style="border-right:none;border-bottom:none;border-left:none;border-top:1pt
solid rgb(225,225,225);padding:3pt 0cm 0cm">
<p class="MsoNormal" style="margin-left:35.4pt"><b>From:</b>
sr-users <<a
href="mailto:sr-users-bounces@lists.kamailio.org"
rel="noreferrer" target="_blank"
moz-do-not-send="true">sr-users-bounces@lists.kamailio.org</a>>
<b>On Behalf Of </b>Joel Serrano<br>
<b>Sent:</b> Friday, October 1, 2021 9:05 PM<br>
<b>To:</b> Kamailio (SER) - Users Mailing List
<<a
href="mailto:sr-users@lists.kamailio.org"
rel="noreferrer" target="_blank"
moz-do-not-send="true">sr-users@lists.kamailio.org</a>><br>
<b>Subject:</b> [SR-Users] Let's Encrypt DST
Root CA X3 cert CA expiration 30th/Sept - Any
issues?</p>
</div>
<p class="MsoNormal" style="margin-left:35.4pt"> </p>
<div>
<p class="MsoNormal" style="margin-left:35.4pt">Hello, </p>
<div>
<p class="MsoNormal"
style="margin-left:35.4pt"> </p>
</div>
<div>
<p class="MsoNormal"
style="margin-left:35.4pt">I'm wondering if
anyone had any issues yesterday with the
expiration of the DST Root CA X3 cert?</p>
</div>
<div>
<p class="MsoNormal"
style="margin-left:35.4pt"> </p>
</div>
<div>
<p class="MsoNormal"
style="margin-left:35.4pt">Out of all the
servers I manage, only a couple were
affected (debian 8). They were production
servers so we replaced the cert with a
different one to solve the issue while
we find the root cause. </p>
</div>
<div>
<p class="MsoNormal"
style="margin-left:35.4pt"> </p>
</div>
<div>
<p class="MsoNormal"
style="margin-left:35.4pt">Anyone out there
had any issues yesterday because of this?
I'm just curious!</p>
</div>
<div>
<p class="MsoNormal"
style="margin-left:35.4pt"> </p>
</div>
<div>
<p class="MsoNormal"
style="margin-left:35.4pt">Joel.</p>
</div>
</div>
</div>
</div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial
Discussions<br>
* <a href="mailto:sr-users@lists.kamailio.org"
rel="noreferrer" target="_blank"
moz-do-not-send="true">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do
not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
* <a
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote>
</div>
</div>
</div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
* <a href="mailto:sr-users@lists.kamailio.org"
target="_blank" moz-do-not-send="true">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not
reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
* <a
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* <a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a>
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* <a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
</body>
</html>