[Rd] r-project.org SSL certificate issues

Gábor Csárdi c@@rd|@g@bor @end|ng |rom gm@||@com
Sun May 31 00:32:44 CEST 2020


On Sat, May 30, 2020 at 11:02 PM Jeroen Ooms <jeroen using berkeley.edu> wrote:
[...]
>
> What you need to do is replace the final certificate with this one
> (just copy-paste the base64 cert): https://crt.sh/?d=1720081 .Then
> restart the server.

You can also export this from Keychain Access on macOS, btw. find
"COMODO RSA Certification Authority" and right click, export, PEM
format.

> See here for details:
> https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020
> . This site talks about "For business processes that depend on very
> old systems...." but the reality is that this affects everything that
> uses openssl for https, including curl, svn, etc.

Btw. why does this affect openssl? That root cert was published in
2010, surely openssl should know about it? Maybe libcurl / openssl
only uses the chain provided by the server? Without trying to use an
alternate chain?

Gabor



More information about the R-devel mailing list