After updating certificate via ad-hoc/rest only main certificate is updated (#1080)

Wojciech Kapcia (Tigase) opened 6 years ago

Update certificate for tigase.im via ad-hoc (with wildcard). Afterward main domain serves updated cert but the subdomain still serves (until restart) old one:

wojtek@atlantiscity.local ~/dev $ openssl s_client  -connect tigase.me:5269 -xmpphost tigase.im < /dev/null -starttls xmpp
CONNECTED(00000006)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = tigase.im
verify return:1
---
Certificate chain
 0 s:/CN=tigase.im
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
 2 s:/O=Digital Signature Trust Co./CN=DST Root CA X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3

---

wojtek@atlantiscity.local ~/dev $ openssl s_client  -connect tigase.me:5269 -xmpphost push.tigase.im < /dev/null -starttls xmpp
CONNECTED(00000006)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = tigase.im
verify return:1
---
Certificate chain
 0 s:/CN=tigase.im
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1

Related
- Don't send root CA certificate in chain (#1078) Closed
- Incorrect SSL certificate being used (#1568) In QA

Activities

Wojciech Kapcia (Tigase) added "Related" #1568 4 weeks ago
Login to comment

Type	Bug
Priority	Normal
Assignee	Wojciech Kapcia (Tigase)
Version	tigase-server-8.1.0
Spent time	0

Issue Votes (0)

Watchers (2)

Reference

tigase/_server/server-core#1080