My home router supports UPnP and it is enabled (I don’t know if this also enables NAT-PMP or PCP as “many devices come with a single “UPnP” checkbox that actually toggles UPnP, NAT-PMP and PCP all at once” according to the NAT traversal blog post). Tailscale, I’m not sure if the two NATs are hard NATs or easy NATs (or indeed if there are multiple layers of NAT at the College network).Using the terminology of How NAT traversal works I’d like to be able to debug this, if possible, but I’m not sure how to do that. The two nodes cannot create a direct connection and are forced to use a DERP relay. The other node has a private address (.x) on a home network. One node has a private address (10.x.x.x) on a college network. Luckily, I don't use that host for its fancy webbed footwork.I have a tailscale installed on two nodes (with default configurations). That's the main thing.īut I suspect that any other ancient Appleware on that host won't work anymore even with new root certificates, but that's probably to be expected. Firefox and macports tools all work, but macports already did anyway. I think it only supports TLSv1.0 and and my sites don't support that. However, Safari still doesn't work, but I'm pretty sure that that's for other reasons. It was probably unnecessary, but I changed the script in the above link so as to add them to the "System Roots" keychain, and imported the new roots there. The new certificates ended up in the "System" keychain (not "System Roots"). Safari - How do I update my root certificates on an older version of Mac OS (e.g. Then I followed instructions at this link to export the root certificates from a later macOS and import them: I tried to add it to the "System Roots" keychain but it didn't work (but there were no errors when I tried, it just didn't end up in the list). Yay! Then I downloaded it with wget (from macports which already worked), and dragged it to Ke圜hain Access.app which only let my user trust it in the "local" keychain. The existing Firefox wouldn't download r exactly, but it did prompt me to trust it, so firefox works again. It would have happened (if not this way, in some other way).īut I'm biased - my thoughts are skewed - my perspective limited. It is a realization that what we all thought it was safe and secure was actually very unsafe and insecure. It is a huge learning experience (for most of everyone on the Internet). This is big corporate business trying to pull a fast one and get anyone to reach into their wallets or else. Most of the people you "speak" with here (myself included) are merely longtime volunteers. This is a not-for-profit organization that is doing far more than is literally can afford to do already. Many "current" devices aren't really running software that is actually that "current". You can please some of the people all of the time.īut you really can't please all of the people all of the time.Īnd this is one of those moments when this new cert just can't please all of the people.ĭo you think anyone has the resources to test every combination of system that is out there in a situation that hasn't happened (to this scale) before?ĭevices are "living" way past their supported lifespans. Going forward, is there a simple solution?ĭidn't the expiry warnings go on deaf ears? What would you have anyone do now (now that the the cert that has been expiring for 20 years has finally expired) at this time? I don't recall asking anyone to update anything.īut since you didn't really address the post to anyone specifically, I'm not sure to whom you are speaking with. Not all users are able to update to the latest version of the OS. I am a software developer supporting users who use a wide range of macOS versions. close window, enter your admin password againĪfter that my svn up and git pull now work again from various servers.under the Trust section, for "when using this certificate" choose "Always Trust".in Keychains > System, find "ISRG Root X1", it should have a red X on its icon.when prompted, choose to add it to the "System" keychain (you'll need admin password).drag the downloaded file to Ke圜hain Access.app.with Firefox, download this file: (Safari can't download it because itself serves the problematic expired cert.).with Safari, download old Firefox 78 ESR: (newer Firefox don't support old macOS).What worked for me on macOS 10.10 and 10.11 was: Thanks for this! I run some buildbots deliberately using older macOS and their git and svn have been unable to pull new code since yesterday. This is causing the errors you're now seeing. Your device appears to be older than that, so it doesn't trust ISRG Root X1.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |