griest
Due to a bug in OpenSSL 1.0.x and the fact that the update servers rely on an expired cert, I am not able to connect to the update servers or create jails. The problem is explained here. The workaround I wish to use is as follows:
Just remove the expired root certificate (DST Root CA X3) from the trust store used by the OpenSSL 1.0.2 TLS client to verify the identity of TLS servers. If the new ISRG Root X1 self-signed certificate isn’t already in the trust store, add it.
I have tried removing the expired cert from /etc/ssl/cert.pem, /etc/ssl/truenas_cacerts.pem, and /usr/local/etc/ssl/cert.pem but it is readded to those files when I reboot the system. What is the correct way to remove expired certs from the CA trust store?

Before you suggest upgrading to TrueNAS Core 12.x (which would fix the problem), I can't, I only have 8GB of RAM.
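
The bundle edit the quoted workaround describes (drop one root from a PEM trust store by fingerprint, add another if it is absent), as an added example that is not part of the original post or of TrueNAS. The function names are assumptions, and the sample blocks are constructed bytes, not real certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def to_pem(der: bytes) -> str:
    """Encode DER bytes as one PEM certificate block with 64-column lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def der_blocks(bundle: str) -> list[bytes]:
    """Return the DER bytes of every certificate block in a PEM bundle."""
    return [base64.b64decode("".join(m.group(1).split()))
            for m in PEM_RE.finditer(bundle)]

def sha256_fp(der: bytes) -> str:
    """Lower-case hex SHA-256 of the DER encoding (the certificate fingerprint)."""
    return hashlib.sha256(der).hexdigest()

def rewrite_bundle(bundle: str, remove_fp: str, add_pem: str) -> str:
    """Drop the certificate matching remove_fp and append add_pem if missing.

    remove_fp may be written with colons and upper case, as openssl prints it.
    Comment text between blocks is not carried over; OpenSSL ignores it anyway.
    """
    target = remove_fp.replace(":", "").lower()
    kept = [d for d in der_blocks(bundle) if sha256_fp(d) != target]
    for der in der_blocks(add_pem):
        if der not in kept:
            kept.append(der)
    return "".join(to_pem(d) for d in kept)

# Constructed stand-ins, NOT real certificates: the filter only needs bytes to hash.
EXPIRED = b"constructed stand-in: expired root"
REPLACEMENT = b"constructed stand-in: replacement root"
UNRELATED = b"constructed stand-in: unrelated CA"
SAMPLE_BUNDLE = ("# Unrelated CA\n" + to_pem(UNRELATED)
                 + "# Expired root\n" + to_pem(EXPIRED))

if __name__ == "__main__":
    fixed = rewrite_bundle(SAMPLE_BUNDLE, sha256_fp(EXPIRED), to_pem(REPLACEMENT))
    print(fixed)
```

Running the rewrite a second time on its own output changes nothing, so it is safe to re-apply to a bundle that has been regenerated.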