[GLLUG] irssi and ssl
John Edwards
john at cornerstonelinux.co.uk
Mon Nov 15 20:48:23 UTC 2021
Hi
On Mon, Nov 15, 2021 at 07:57:36PM +0000, Henrik Morsing via GLLUG wrote:
<snip>
> Server: irc.aachat.net
> Port: 6697
> SSL: Yes, enforced
> Channel: #a&a
Which is signed by Let's Encrypt CA certificates:
---
Certificate chain
0 s:CN = irc.aachat.net
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Verification reports OK on my machine (Ubuntu 20.04).
The "ISRG Root X1" CA certificate should be in Debian 8 and above:
https://letsencrypt.org/docs/certificate-compatibility/
https://letsencrypt.org/certificates/
On Ubuntu (and probably also Debian) this CA certificate is
/etc/ssl/certs/ISRG_Root_X1.pem which is a symlink to
/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
So you may want to check that those files still exist and have not
been altered (assuming location is same/similar on Debian).
For info the SHA1 sums on my machine are:
$ sha1sum /etc/ssl/certs/ISRG_Root_X1.pem /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
4de9627fe9ace4acce27eaa1a0837cd3db55704b /etc/ssl/certs/ISRG_Root_X1.pem
4de9627fe9ace4acce27eaa1a0837cd3db55704b /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
Which match the PEM file on Let's Encrypt site:
https://letsencrypt.org/certs/isrgrootx1.pem.txt
--
#---------------------------------------------------------#
| John Edwards Email: john at cornerstonelinux.co.uk |
#---------------------------------------------------------#
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20211115/dbbc4384/attachment.sig>
More information about the GLLUG
mailing list