Hi, It was indeed related to the ca-certificates package. Thanks for your help! Best Regards -----Message d'origine----- De : Christoph Moench-Tegeder [mailto:cmt@xxxxxxxxxxxxxx] Envoyé : jeudi 14 octobre 2021 15:29 À : Cedric Rey <cerey@xxxxxxxxxxxxxxx> Cc : pgsql-general@xxxxxxxxxxxxxxxxxxxx Objet : Re: Certificate validity error download.postgresql.org ## Cedric Rey (cerey@xxxxxxxxxxxxxxx): > the certificate on download.postgresql.org has expired : > > openssl s_client -connect download.postgresql.org:443 > CONNECTED(00000003) > depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3 verify > error:num=10:certificate has expired notAfter=Sep 30 14:01:15 2021 GMT That's complaining about the "DST Root CA X3" certificate, and that's (partially) expected: https://letsencrypt.org/2021/10/01/cert-chaining-help.html But the fact that you're seeing this indicates that you're either running an horribly outdated version of openssl (as Daniel mentioned), but even CentOS' "OpenSSL 1.0.2k-fips 26 Jan 2017" has been fixed in this regard. The other possibility is that your trusted CA list is outdated: that would be package ca-certificates (same name in deb and rpm world). I do know from my own experience that at least the "old" (2020.2.something) Redhat package is missing the new "ISRG Root X1" certificate, you'll need version 2021.2.something. Regards, Christoph -- Spare Space - https://www.groupemutuel.ch https://www.facebook.com/groupemutuel.ch https://twitter.com/Groupe_Mutuel https://www.linkedin.com/company/groupe-mutuel https://www.instagram.com/groupemutuel/ -------------------------------- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
