Hi,
It was indeed related to the ca-certificates package.
Thanks for your help!
Best Regards
-----Message d'origine-----
De : Christoph Moench-Tegeder [mailto:cmt@burggraben.net]
Envoyé : jeudi 14 octobre 2021 15:29
À : Cedric Rey <cerey@groupemutuel.ch>
Cc : pgsql-general@lists.postgresql.org
Objet : Re: Certificate validity error download.postgresql.org
## Cedric Rey (cerey@groupemutuel.ch):
> the certificate on download.postgresql.org has expired :
>
> openssl s_client -connect download.postgresql.org:443
> CONNECTED(00000003)
> depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3 verify
> error:num=10:certificate has expired notAfter=Sep 30 14:01:15 2021 GMT
That's complaining about the "DST Root CA X3" certificate, and that's
(partially) expected: https://letsencrypt.org/2021/10/01/cert-chaining-help.html
But the fact that you're seeing this indicates that you're either running an horribly outdated version of openssl (as
Danielmentioned), but even CentOS' "OpenSSL 1.0.2k-fips 26 Jan 2017" has been fixed in this regard.
The other possibility is that your trusted CA list is outdated: that would be package ca-certificates (same name in deb
andrpm world).
I do know from my own experience that at least the "old" (2020.2.something) Redhat package is missing the new "ISRG
RootX1" certificate, you'll need version 2021.2.something.
Regards,
Christoph
--
Spare Space
-
https://www.groupemutuel.ch
https://www.facebook.com/groupemutuel.ch
https://twitter.com/Groupe_Mutuel
https://www.linkedin.com/company/groupe-mutuel
https://www.instagram.com/groupemutuel/
--------------------------------
This e-mail may contain confidential and/or privileged information.
If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and
deletethis e-mail.
Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.