[Ovmsdev] More AddTrust/UserTrust CA certificate trouble

Stephen Casner casner at acm.org
Fri Dec 11 09:47:39 HKT 2020


I've just moved to a different laptop which caused me to look at some
things I have not looked at for a while.  One of them was the perl
script Tom Saxton gave me to query the openvehicles server to gather
the log entries for my car.  That script references:

https://www.openvehicles.com:6869

This is now failing to log in.  Testing manually with curl gives:

auge14> curl -X GET -c ovms-cookie "https:/www.openvehicles.com:6869/api/cookie?username=xxxx&password=xxxx"
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

This looks like it could be related to the AddTrust CA cert expiration
that occurred back in May.  I check the macOS keychain and I see that
the new USERTrust RSA CA certificate is already there and matches the
one that Mark included with his email to this list about the problem.

Looking on the web for guidance I found the following suggested
command which appear to indicate that the server is still using a
certificate referencing the old CA cert?

auge15> openssl s_client -showcerts -servername www.openvehicles.com -connect www.openvehicles.com:443 > cacert.pem
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify error:num=10:certificate has expired
notAfter=May 30 10:48:38 2020 GMT

Is this something that needs to be fixed on the server, or is there
something I need to change in my query?

                                                        -- Steve


More information about the OvmsDev mailing list