[Ovmsdev] UserTrust/AddTrust/Comodo root CA expiration

Mark Webb-Johnson mark at webb-johnson.net
Sun May 31 08:44:52 HKT 2020


The AddTrust root CA certificate that our api.openvehicles.com <http://api.openvehicles.com/> is signed by has expired (last night). This will impact TLS connections to api.openvehicles.com <http://api.openvehicles.com/>. Our certificate itself is fine (and doesn’t expire until Feb 2022), but the root cert is was signed by (via intermediaries) has expired.

Pretty irresponsible for AddTrust/UserTrust/Comodo to sign a certificate with a later expiration date than their own CA, imho. Also irresponsible for them not to inform the customers. Everybody can be expected to monitor their own certificate expiration date, but not that of their certificate authority.

I’ve been up most of the night dealing with fallout from this (in other work and customer related systems), so not happy.

Anyway, I’ve updated the trusted root certificate in edge now, and released that. AddTrust has become UserTrust.

To connect via tls to api.openvehicles.com <http://api.openvehicles.com/> now, you will either need to firmware update, or manually add the trusted ca to /store/trustedca/usertrust.crt (I have attached it here, for convenience).

I have also taken this opportunity to change the server v2 and v3 backoff retry times to 60 seconds (was 20 or 30).

Regards, Mark.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20200531/50841605/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usertrust.crt
Type: application/x-x509-ca-cert
Size: 2094 bytes
Desc: not available
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20200531/50841605/attachment.bin>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20200531/50841605/attachment-0001.html>


More information about the OvmsDev mailing list