I REALLY know very little about certificates. I got one to use with my Synology router and NAS. It all works fine.
However, my router Threat Prevention complains about a web site that has Certificate from Active Intermediate, R3. I seem to remember that R3 was supposed to no longer be valid and people should have updated/reissued their certificates. Is that correct? Or is any R3 certificate still valid?
I had already seen that chain of trust diagram, but wasn't sure how to interpret it.
I'm guessing this event "ET INFO Observed Let's Encrypt Certificate from Active Intermediate, R3" was maybe just meant to alert people to the fact that the R3 was used and maybe they needed to refresh to get new root? (if that makes any sense)
Yep, basically the same concern, but I've since found stuff on the web that mentioned that something about it was already expired, so I was trying to find out more about that. And I guess it sounds like the "Root" changed and not the R3. And I also said in this message that it was probably just something to alert people to the change (partially based on your previous reply in the previous thread). I was hoping to get some additional explanations and basically got it. But if anyone has anything else to help explain it, I'm all ears. Trying to learn this stuff. The topic from before was automatically closed, so I couldn't just add the additional questions there.
I didn't think it was a Let's Encrypt problem. Just trying to understand more.
Also, what happens if some website I visit still has the R3 that is based on the expired root? Is that a bad thing? Should I inform the website? Do you think the browser would reject it?
I agree the message is poorly constructed. I can't get anything out of the device provider. They said it was up to me to figure it out. My guess is they just threw Suricata into a UI for their router as an added feature, which I have to admit, I DO like the information that it can provide as well as block. But the information is very minimalistic. So it is hard for me to decipher. Hence my coming here to see what I could find out about R3.
I presume by "server" you mean a web server. I don't have one of those. I assume SOMETHING I did on the PC made a request and that return traffic came back and it complained. But I don't know what I did at around the time the event was logged. And I don't know what I did that referenced Fastly. It might even have just been something like the Windows OS or the Windows Store that was trying to update something.
I don't think I got any browser error. But I know that sometimes something that I am trying to do on the web will just keep showing the busy indicator and then stop and say it can't access the web page. That is when I go to the events and try to see if there was a legitimate reason to block it, or if I have the rules too tight. I'd rather have the rules too tight and have it break something than have it too loose and let something dangerous in.
So yeah, I'm trying to figure out what the messages mean so that I can communicate about it better, hence my coming on here and asking about the R3 event. The lack of documentation on this router Threat Prevention stuff is really disappointing. If I search for the event message, I usually end up at the Suricata rules, and it is just in the middle of a bunch of rules. No explanations. No examples. No description of actions to take, etc.
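The post above asks how to work out which request on the PC produced the "ET INFO Observed Let's Encrypt Certificate from Active Intermediate, R3" event. Suricata tags every event it logs with the `flow_id` of the connection it belongs to, so an alert can be joined to the `tls` record for the same flow, which carries the SNI (the hostname the PC asked for), the certificate subject and the issuer. The script below is an added example, not code from this thread, from Suricata or from Synology. It assumes you can read Suricata's EVE JSON log (`eve.json`), which the router UI may not expose; the log lines are constructed for illustration, and the `signature_id` is a placeholder rather than the real ET rule number.

```python
"""Join a Suricata alert to the TLS handshake on the same flow (EVE JSON).

Added example, not from the thread or from Suricata/Synology. Assumes access
to eve.json; sample lines below are constructed, signature_id is a placeholder.
"""
import json

# Constructed EVE records: one TLS handshake that triggered the R3 alert,
# the alert itself, and an unrelated handshake to a different CA.
SAMPLE_EVE = """\
{"timestamp":"2023-05-01T10:15:03.000000+0000","event_type":"tls","flow_id":1001,"src_ip":"192.168.1.20","src_port":51234,"dest_ip":"203.0.113.10","dest_port":443,"tls":{"subject":"CN=www.example.test","issuerdn":"C=US, O=Let's Encrypt, CN=R3","sni":"www.example.test","version":"TLS 1.2"}}
{"timestamp":"2023-05-01T10:15:03.050000+0000","event_type":"alert","flow_id":1001,"src_ip":"203.0.113.10","src_port":443,"dest_ip":"192.168.1.20","dest_port":51234,"alert":{"action":"allowed","signature_id":9999999,"signature":"ET INFO Observed Let's Encrypt Certificate from Active Intermediate, R3","severity":3}}
{"timestamp":"2023-05-01T10:15:09.000000+0000","event_type":"tls","flow_id":1002,"src_ip":"192.168.1.20","src_port":51240,"dest_ip":"203.0.113.20","dest_port":443,"tls":{"subject":"CN=update.example.test","issuerdn":"C=US, O=Example CA, CN=Example Issuing CA 1","sni":"update.example.test","version":"TLS 1.3"}}
"""


def parse_eve(text):
    """Parse EVE JSON lines into dicts, skipping blank or truncated lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a line cut short by log rotation should not abort the run
    return records


def tls_by_flow(records):
    """Map flow_id -> the TLS handshake record logged for that connection."""
    return {r["flow_id"]: r for r in records if r.get("event_type") == "tls"}


def is_lets_encrypt_r3(issuerdn):
    """True when the issuer DN names Let's Encrypt's R3 intermediate."""
    return (issuerdn is not None
            and "O=Let's Encrypt" in issuerdn
            and "CN=R3" in issuerdn)


def explain_alerts(records, signature_fragment):
    """For every alert whose signature contains signature_fragment, return the
    client, server, SNI and certificate details from the same flow."""
    handshakes = tls_by_flow(records)
    findings = []
    for r in records:
        if r.get("event_type") != "alert":
            continue
        alert = r["alert"]
        if signature_fragment not in alert.get("signature", ""):
            continue
        hs = handshakes.get(r["flow_id"])
        tls = hs["tls"] if hs else {}
        findings.append({
            "timestamp": r["timestamp"],
            "signature": alert["signature"],
            "action": alert.get("action"),
            # In the tls record src_ip is the side that sent the ClientHello,
            # i.e. the LAN client. The alert's src/dest can look reversed
            # because the rule matched on the server's certificate message.
            "client": hs["src_ip"] if hs else r["dest_ip"],
            "server": hs["dest_ip"] if hs else r["src_ip"],
            "sni": tls.get("sni"),
            "subject": tls.get("subject"),
            "issuer": tls.get("issuerdn"),
            "issued_by_r3": is_lets_encrypt_r3(tls.get("issuerdn")),
        })
    return findings


if __name__ == "__main__":
    for f in explain_alerts(parse_eve(SAMPLE_EVE), "Active Intermediate, R3"):
        print(f"{f['timestamp']}  {f['client']} -> {f['server']}  sni={f['sni']}")
        print(f"  subject={f['subject']}  issuer={f['issuer']}  action={f['action']}")
```

Run it against a real `eve.json` by replacing `SAMPLE_EVE` with the file's contents. The SNI on the matched flow is usually the quickest way to tell which site or background service (an OS or app updater, a CDN-hosted download) the PC was talking to when the sensor saw the certificate; the `action` field shows whether the router only logged the event or actually dropped the connection, which is the difference between an informational "ET INFO" hit and something that would explain a page failing to load.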