sysmoBTS: fix ca-certificates
Since the LetEncrypt Root CA expiry fiasco a sysmobts is unable to use https, not least to access the sysmocom repos.
This script will disable the X3 cert and add the new LE root.
#!/bin/bash grep isrgrootx1.pem /etc/ca-certificates.conf && exit wget -q --no-check-certificate https://letsencrypt.org/certs/isrgrootx1.pem -O /usr/share/ca-certificates/isrgrootx1.pem sed -i '/^mozilla\/AffirmTrust_Commercial.crt/i isrgrootx1.pem' /etc/ca-certificates.conf sed -i '/^mozilla\/DST_Root_CA_X3/s/^/!/' /etc/ca-certificates.conf update-ca-certificates
Maybe we can also somehow update the yocto/poky opkg package "ca-certificates"?
- Status changed from New to In Progress
- Assignee changed from sysmocom to laforge
- % Done changed from 0 to 20
tried to resolve it for 201705-nightly in:
commit 8d3ccdf0eb5c555684287f4fb51bba51dc2ed4f3 Author: Harald Welte <firstname.lastname@example.org> Date: Tue Oct 12 21:13:03 2021 +0200 ca-certificates: Migrate from DST_X3 to ISRG_X1 Closes: OS#5259
let's see if that works and then introduce the change to 201705 next.
- File sysmocom-nitb-image-sysmobts-v2-20211014074622.rootfs.ubi sysmocom-nitb-image-sysmobts-v2-20211014074622.rootfs.ubi added
- Status changed from In Progress to Feedback
- Assignee changed from laforge to keith
- Priority changed from Low to High
- % Done changed from 20 to 70
please test the attached image if it resolves the problem. thanks!