[DBWG] rdap.afrinic.net HTTPS server with broken certificate chain
Michel Odou
michel.odou at afrinic.net
Mon Apr 15 04:37:17 UTC 2024
Dear Yang,

Thank you for your message. We analyzed the issue and we were able to
reproduce it internally. The certificate deployed on the load balancer
was missing the CA certificate. This caused TLS validation issues on
some systems. We have deployed the missing CA certificate on
rdap.afrinic.net and we no longer experience the issue on our end.
Please confirm it is the same on your side.

We are also working on improving our internal monitoring systems to
detect this type of issue in the future.

Regards,
Michel

On 11/04/2024 07:32, Yang Yu wrote:
> Hi,
>
> Looks like since Apr 10 the server TLS certificate chain has been
> broken, where the intermediate CA "GeoTrust TLS RSA CA G1" certificate
> is missing. Clients without support for AIA would fail certificate
> validation.
>
> https://www.ssllabs.com/ssltest/analyze.html?d=rdap.afrinic.net&s=196.216.3.4
>
>
> Yang
--
Michel ODOU
Head of IT & Security
African Network Information Centre (AFRINIC) Ltd.
t: +230 403 51 00 | f: +230 466 6758 | w: https://www.afrinic.net
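
Added example, not part of the original message or of AFRINIC's tooling: one way to monitor for the missing-intermediate condition discussed in this thread, by parsing the "Certificate chain" section of `openssl s_client -showcerts` output and flagging a served chain that stops short of a trust anchor. The sample outputs, the simplified DNs, the root name in TRUST_ANCHORS and the function names are assumptions; the check compares names only and does not verify signatures.

```python
import re

# Subject ("s:") and issuer ("i:") lines from the "Certificate chain"
# section printed by `openssl s_client -showcerts`.
_SUBJECT = re.compile(r"^\s*\d+\s+s:(.*)$")
_ISSUER = re.compile(r"^\s+i:(.*)$")

# Constructed samples with simplified DNs; not captured from the real server.
BROKEN = """Certificate chain
 0 s:CN = rdap.afrinic.net
   i:CN = GeoTrust TLS RSA CA G1
"""
FIXED = BROKEN + """ 1 s:CN = GeoTrust TLS RSA CA G1
   i:CN = DigiCert Global Root G2
"""
# Assumption: subject names of the roots in the monitoring host's trust store.
TRUST_ANCHORS = {"CN = DigiCert Global Root G2"}


def parse_served_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        m = _SUBJECT.match(line)
        if m:
            subject = m.group(1).strip()
        elif subject is not None and (m := _ISSUER.match(line)):
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain


def chain_gaps(chain, trust_anchors):
    """Report the first break a client that does not fetch AIA would hit."""
    if not chain:
        return ["server sent no certificates"]
    for idx, (subject, issuer) in enumerate(chain):
        sent_next = chain[idx + 1][0] if idx + 1 < len(chain) else None
        if issuer in trust_anchors:
            return []  # path ends at a root the client already has
        if issuer != sent_next:
            return [f"cert {idx} ({subject}): issuer '{issuer}' is neither "
                    "the next certificate sent nor a trust anchor"]
    return []


if __name__ == "__main__":
    for name, sample in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, chain_gaps(parse_served_chain(sample), TRUST_ANCHORS))
```

For a live check, pass it the output of `openssl s_client -connect HOST:443 -servername HOST -showcerts </dev/null` and alert when the returned list is not empty.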