Here we had problems with clients using an Auerswald PBX showing the following error message:
503: Certificate Validation Failure SSL-Error 10: certificate has expired, depth=3 /O=Digital Signature Trust Co./CN=DST Root CA X3 )
Regards, Matthias
On 08.10.21 19:49, Sergiu Pojoga wrote:
Like our comrades at APIBAN. Had to patch the CA list on older linux distros to get this restarted.
Oct 8 10:20:21 kamailio[8476]: WARNING: http_client [functions.c:308]: curL_request_url(): TLS server certificate validation error (No valid CA cert) (url: https://apiban.org/api/.. https://apiban.org/api/...)
@Fred, all good out there bud? lol
On Fri, Oct 8, 2021 at 12:30 PM Maxim Sobolev <sobomax@sippysoft.com mailto:sobomax@sippysoft.com> wrote:
Some of our internal API have started to fail and most of software update routines jammed up as a result until we figured out how to cope with that issue. Not the first one and certainly not the last. In general PKI/TLS is by design prone to issues like this and I am sad industry has not come up with anything better yet to communicate over insecure channels. :( Noise protocol certainly holds lots of potential in my view but mills of IETF mill slowly, so we are going to be suffering for many years to come I am afraid. -Max On Fri., Oct. 8, 2021, 8:23 a.m. Henning Westerholt, <hw@skalatan.de <mailto:hw@skalatan.de>> wrote: Hello, in total we had three customer incidents (two server related, one client related) because of this, one of them was a major incident. Cheers, Henning -- Henning Westerholt – https://skalatan.de/blog/ <https://skalatan.de/blog/> Kamailio services – https://gilawa.com <https://gilawa.com/> *From:* sr-users <sr-users-bounces@lists.kamailio.org <mailto:sr-users-bounces@lists.kamailio.org>> *On Behalf Of *Joel Serrano *Sent:* Friday, October 1, 2021 9:05 PM *To:* Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org>> *Subject:* [SR-Users] Let's Encrypt DST Root CA X3 cert CA expiration 30th/Sept - Any issues? Hello, I'm wondering if anyone had any issues yesterday with the expiration of the DST Root CA X3 cert? Out of all the servers I manage, only a couple were affected (debian 8). They were production servers so we replaced the cert with a different one to solve the issue while we find the root cause. Anyone out there had any issues yesterday because of this? I'm just curious! Joel. __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org> Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users> __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * sr-users@lists.kamailio.org <mailto:sr-users@lists.kamailio.org> Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: