Test ISRG signed intermediate before transition on Jul 8th

ce4 · May 6, 2019, 9:53am

Hi all,

I need to test some old embedded stuff but the LE test endpoint (https://valid-isrgrootx1.letsencrypt.org/) doesnt support TLS_RSA_WITH_3DES_EDE_CBC_SHA anymore.

Reason: LE has announced that it will change the default intermediate certificate:

“Subscribers who need to support very old TLS/SSL clients may wish to manually configure their servers to continue using the cross-signature from IdenTrust. You can test whether a given client will work with the newer intermediate by accessing our test site.”

What intermediate cert will be used from then on? I guess it’ll transtition from [1] to [2]?
[1] https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt
[2] https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt

Thanks & best regards,
Christian

_az · May 6, 2019, 10:11am

Yes, that's correct. You can configure a web server with legacy ciphersuites and the [2] intermediate for testing purposes.

system · June 5, 2019, 10:11am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.