New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add GlobalSign Root CA - R3 cert and remove outdated certs #4100
Conversation
root CA of rubygems.org (and all subdomains) was updated from GlobalSign Organization Validation CA - SHA256 - G2 to GlobalSign Root CA - R3. GlobalSignRootCA.pem was previously used to verify server cert if system certs could not verify rubygems.org cert
@sonalkr132 Thanks! I will backport this to RG 2.7, 3.0 and 3.1. |
Add GlobalSign Root CA - R3 cert and remove outdated certs
Add GlobalSign Root CA - R3 cert and remove outdated certs
Add GlobalSign Root CA - R3 cert and remove outdated certs
Add GlobalSign Root CA - R3 cert and remove outdated certs
Thanks. Perhaps we should wait until @dwradcliffe confirms the removal of the old cert. |
Ah, OK. I'm waiting to release the new versions of rubygems until approval from @dwradcliffe . |
I can confirm that we previously used CloudFront as the S3 CDN, and we now use Fastly instead. It is ok to remove |
Add GlobalSign Root CA - R3 cert and remove outdated certs (cherry picked from commit 9bb7da6)
I think there was still a cloudfront domain setup for legacy clients buts it’s probably time to stop supporting that. |
Add GlobalSign Root CA - R3 cert and remove outdated certs (cherry picked from commit 9bb7da6)
Add GlobalSign Root CA - R3 cert and remove outdated certs (cherry picked from commit 9bb7da6)
Add GlobalSign Root CA. rubygems/rubygems#4100 rubygems/rubygems#4105
The bundled Rubygems certificate `AddTrustExternalCARoot.pem` is outdated; replaced it with the current `GlobalSignRootCA_R3.pem`, from the Rubygems project. See: - rubygems/rubygems#4099 - rubygems/rubygems#4100 - https://github.com/rubygems/rubygems/blob/master/lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem
The bundled Rubygems certificate `AddTrustExternalCARoot.pem` is outdated; replaced it with the current `GlobalSignRootCA_R3.pem`, from the Rubygems project. See: - rubygems/rubygems#4099 - rubygems/rubygems#4100 - https://github.com/rubygems/rubygems/blob/master/lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem
root CA of rubygems.org (and all subdomains) was updated from GlobalSign Organization Validation CA - SHA256 - G2 to GlobalSign Root CA - R3.
GlobalSignRootCA.pem was previously used to verify server cert if system certs could not verify rubygems.org cert.
What was the end-user or developer problem that led to this PR?
Fixes when rubygem.org cert could not be verified by using system certs:
closes: #4099
What is your fix for the problem, implemented in this PR?
add GlobalSign R3 CA cert. used here to configure remove fetcher.
Make sure the following tasks are checked