Bug 1886063

Summary: Expiring O = Digital Signature Trust Co., CN = DST Root CA X3
Product: Red Hat Enterprise Linux 8
Reporter: Stanislav Zidek <szidek>
Component: ca-certificates
Assignee: Bob Relyea <rrelyea>
Status: CLOSED CURRENTRELEASE
QA Contact: Alexander Sosedkin <asosedki>
Severity: low
Docs Contact:
Priority: low
Version: 8.6
CC: asosedki, cllang, ol+redhat, philipp, ssorce
Target Milestone: rc
Keywords: Triaged, ZStream
Target Release: 8.7
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: ca-certificates-2022.2.54-80.2.el8_6
Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 2118463 (view as bug list)
Environment:
Last Closed: 2023-06-05 16:22:55 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 2118463

Description Stanislav Zidek 2020-10-07 15:15:48 UTC
This is just a tracking bug; unless the CA in question requests or has requested upstream inclusion of a refreshed certificate, it does not require any action.

Version-Release number of selected component (if applicable):
ca-certificates-2020.2.41-80.0.el8_2.noarch

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3
        Validity
            Not Before: Sep 30 21:12:19 2000 GMT
            Not After : Sep 30 14:01:15 2021 GMT
        Subject: O = Digital Signature Trust Co., CN = DST Root CA X3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:af:e9:97:50:08:83:57:b4:cc:62:65:f6:90:
                    82:ec:c7:d3:2c:6b:30:ca:5b:ec:d9:c3:7d:c7:40:
                    c1:18:14:8b:e0:e8:33:76:49:2a:e3:3f:21:49:93:
                    ac:4e:0e:af:3e:48:cb:65:ee:fc:d3:21:0f:65:d2:
                    2a:d9:32:8f:8c:e5:f7:77:b0:12:7b:b5:95:c0:89:
                    a3:a9:ba:ed:73:2e:7a:0c:06:32:83:a2:7e:8a:14:
                    30:cd:11:a0:e1:2a:38:b9:79:0a:31:fd:50:bd:80:
                    65:df:b7:51:63:83:c8:e2:88:61:ea:4b:61:81:ec:
                    52:6b:b9:a2:e2:4b:1a:28:9f:48:a3:9e:0c:da:09:
                    8e:3e:17:2e:1e:dd:20:df:5b:c6:2a:8a:ab:2e:bd:
                    70:ad:c5:0b:1a:25:90:74:72:c5:7b:6a:ab:34:d6:
                    30:89:ff:e5:68:13:7b:54:0b:c8:d6:ae:ec:5a:9c:
                    92:1e:3d:64:b3:8c:c6:df:bf:c9:41:70:ec:16:72:
                    d5:26:ec:38:55:39:43:d0:fc:fd:18:5c:40:f1:97:
                    eb:d5:9a:9b:8d:1d:ba:da:25:b9:c6:d8:df:c1:15:
                    02:3a:ab:da:6e:f1:3e:2e:f5:5c:08:9c:3c:d6:83:
                    69:e4:10:9b:19:2a:b6:29:57:e3:e5:3d:9b:9f:f0:
                    02:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10
    Signature Algorithm: sha1WithRSAEncryption
         a3:1a:2c:9b:17:00:5c:a9:1e:ee:28:66:37:3a:bf:83:c7:3f:
         4b:c3:09:a0:95:20:5d:e3:d9:59:44:d2:3e:0d:3e:bd:8a:4b:
         a0:74:1f:ce:10:82:9c:74:1a:1d:7e:98:1a:dd:cb:13:4b:b3:
         20:44:e4:91:e9:cc:fc:7d:a5:db:6a:e5:fe:e6:fd:e0:4e:dd:
         b7:00:3a:b5:70:49:af:f2:e5:eb:02:f1:d1:02:8b:19:cb:94:
         3a:5e:48:c4:18:1e:58:19:5f:1e:02:5a:f0:0c:f1:b1:ad:a9:
         dc:59:86:8b:6e:e9:91:f5:86:ca:fa:b9:66:33:aa:59:5b:ce:
         e2:a7:16:73:47:cb:2b:cc:99:b0:37:48:cf:e3:56:4b:f5:cf:
         0f:0c:72:32:87:c6:f0:44:bb:53:72:6d:43:f5:26:48:9a:52:
         67:b7:58:ab:fe:67:76:71:78:db:0d:a2:56:14:13:39:24:31:
         85:a2:a8:02:5a:30:47:e1:dd:50:07:bc:02:09:90:00:eb:64:
         63:60:9b:16:bc:88:c9:12:e6:d2:7d:91:8b:f9:3d:32:8d:65:
         b4:e9:7c:b1:57:76:ea:c5:b6:28:39:bf:15:65:1c:c8:f6:77:
         96:6a:0a:8d:77:0b:d8:91:0b:04:8e:07:db:29:b6:0a:ee:9d:
         82:35:35:10

sha256sum: 0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739

Comment 1 Philip Prindeville 2021-12-14 21:51:29 UTC
This is a known issue and there is no mitigation:

https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

Comment 2 Oleg Girko 2021-12-14 22:33:04 UTC
(In reply to Philip Prindeville from comment #1)
> This is a known issue and there is no mitigation:
> 
> https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

Does this mean that this cert should be removed completely?

Comment 3 Philip Prindeville 2021-12-15 01:02:19 UTC
(In reply to Oleg Girko from comment #2)
> (In reply to Philip Prindeville from comment #1)
> > This is a known issue and there is no mitigation:
> > 
> > https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
> 
> Does this mean that this cert should be removed completely?

No.  Cutting & pasting from the above article:

"DST Root CA X3 will expire on September 30, 2021. That means those older devices that don’t trust ISRG Root X1 will start getting certificate warnings when visiting sites that use Let’s Encrypt certificates. There’s one important exception: older Android devices that don’t trust ISRG Root X1 will continue to work with Let’s Encrypt, thanks to a special cross-sign from DST Root CA X3 that extends past that root’s expiration. This exception only works for Android."

If you do remove it, certain old Android devices won't work.  And newer devices, that use the first path, don't need the cross-signing anyway and aren't bothered by the expired certificate.

So it does no harm to leave it in place... and provides continuity for older devices that won't be updated.

Comment 4 Bob Relyea 2021-12-15 16:58:56 UTC
If you are using older versions of openssl, then removing the cert makes things better. We actually removed the cert from RHEL-6 and RHEL-7 databases because they are running the older version of openssl. The cert will get removed from the root store naturally in the next update. If you want to explicitly remove it now, it should do no harm. The Android description applies to Android's root store.

There's a separate issue of whether or not to include the intermediate certificate signed by this root cert in your server chain. That's a configuration of your webserver and independent of the ca-certificate root store. I'll refer you to the article on how to decide whether or not to include the intermediate certificate in your server's certificate chain.

In general this sort of notification is mostly for issues with openssl on RHEL-6 and RHEL-7. Modern openssl is more tolerant of multiple chain paths with one path having expired certificates.

bob
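
Comment 4 turns on the difference between how older and newer OpenSSL build a chain when a server presents the cross-signed ISRG Root X1 and the local store still holds the expired DST Root CA X3. The following is an added example, not code from the bug report, from ca-certificates or from OpenSSL: it models the two chain-building strategies over plain Python records instead of real X.509 certificates, so signatures and keys are not checked, only names and expiry. Everything except DST Root CA X3's Sep 30 2021 expiry (taken from the certificate dump above) is a constructed placeholder, including the intermediate and leaf names and the dates of ISRG Root X1 and its cross-sign.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate: names and expiry only."""
    subject: str
    issuer: str
    not_after: date


# Constructed certificates. Only the DST Root CA X3 expiry (Sep 30 2021) is
# taken from the bug report; the other dates and the intermediate/leaf names
# are placeholders chosen for the demonstration.
DST_ROOT = Cert("DST Root CA X3", "DST Root CA X3", date(2021, 9, 30))
ISRG_X1 = Cert("ISRG Root X1", "ISRG Root X1", date(2035, 6, 4))
# Cross-signed copy of ISRG Root X1 issued by DST, outliving its issuer.
ISRG_X1_CROSS = Cert("ISRG Root X1", "DST Root CA X3", date(2024, 9, 30))
INTERMEDIATE = Cert("LE intermediate (constructed)", "ISRG Root X1", date(2025, 9, 15))
LEAF = Cert("example.com (constructed)", "LE intermediate (constructed)", date(2022, 3, 1))

# What the web server sends: leaf, intermediate and the cross-signed root.
SERVER_CHAIN = [LEAF, INTERMEDIATE, ISRG_X1_CROSS]
CHECK_DATE = date(2021, 12, 14)  # date of the discussion above


def find_issuer(cert: Cert, pool: list) -> Optional[Cert]:
    """Return the first certificate in pool whose subject is cert's issuer."""
    return next((c for c in pool if c.subject == cert.issuer), None)


def validity(path: list, today: date) -> str:
    """Report the first expired certificate on the path, or 'ok'."""
    for c in path:
        if c.not_after < today:
            return f"expired: {c.subject}"
    return "ok"


def verify_untrusted_first(chain: list, store: list, today: date = CHECK_DATE):
    """Model of the older OpenSSL behaviour: walk the presented chain as far
    as it goes, then look for a trusted issuer of the top certificate. If no
    trusted issuer exists, shorten the chain and retry (alternative chains);
    an expired trusted issuer is still taken as the anchor and then rejected."""
    path = [chain[0]]
    while True:
        nxt = find_issuer(path[-1], chain)
        if nxt is None or nxt in path:
            break
        path.append(nxt)
    while path:
        top = path[-1]
        if top in store:
            return [c.subject for c in path], validity(path, today)
        anchor = find_issuer(top, store)
        if anchor is not None:
            full = path + [anchor]
            return [c.subject for c in full], validity(full, today)
        path.pop()  # no trusted issuer: drop the top cert and try again
    return [], "no trusted issuer"


def verify_trusted_first(chain: list, store: list, today: date = CHECK_DATE):
    """Model of modern OpenSSL's trusted-first chain building: at each step
    the trust store is consulted before the presented chain, so the
    cross-signed root is never used when the self-signed one is trusted."""
    path = [chain[0]]
    while True:
        cur = path[-1]
        if cur in store:
            return [c.subject for c in path], validity(path, today)
        anchor = find_issuer(cur, store)
        if anchor is not None:
            full = path + [anchor]
            return [c.subject for c in full], validity(full, today)
        nxt = find_issuer(cur, chain)
        if nxt is None or nxt in path:
            return [c.subject for c in path], "no trusted issuer"
        path.append(nxt)


def run_scenarios() -> dict:
    """Exercise the situations discussed in the bug report; each result is
    (list of subjects on the chosen path, status string)."""
    with_dst = [DST_ROOT, ISRG_X1]   # store before the expired root is dropped
    without_dst = [ISRG_X1]          # store after the expired root is removed
    old_device = [DST_ROOT]          # device that never learned ISRG Root X1
    return {
        "old openssl, DST still in store": verify_untrusted_first(SERVER_CHAIN, with_dst),
        "old openssl, DST removed": verify_untrusted_first(SERVER_CHAIN, without_dst),
        "modern openssl, DST still in store": verify_trusted_first(SERVER_CHAIN, with_dst),
        "device trusting only DST": verify_trusted_first(SERVER_CHAIN, old_device),
    }


if __name__ == "__main__":
    for name, (path, status) in run_scenarios().items():
        print(f"{name}: {status}  path={' -> '.join(path)}")
```

Run as a script it prints one line per scenario. With the expired root still in the store, the untrusted-first builder climbs through the cross-sign, finds DST Root CA X3 as the anchor and fails on its expiry; once that root is removed, the same builder cannot find an issuer for the cross-signed certificate, shortens the chain and anchors the intermediate on the self-signed ISRG Root X1 instead, which is why removing the cert "makes things better" for older OpenSSL. The trusted-first builder anchors on ISRG Root X1 as soon as it reaches the intermediate and never looks at the cross-sign, so the expired root in the store is harmless to it. The last scenario, a store that trusts only DST Root CA X3, fails under both strategies; the Android exception quoted in comment 3 is not reproduced by this model.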

Comment 11 Clemens Lang 2023-06-05 16:22:55 UTC
RHEL 8.7 contains ca-certificates-2022.2.54-80.2.el8_6.