Add GlobalSign Root CA - R3 cert and remove outdated certs #4100
Conversation
root CA of rubygems.org (and all subdomains) was updated from GlobalSign Organization Validation CA - SHA256 - G2 to GlobalSign Root CA - R3. GlobalSignRootCA.pem was previously used to verify server cert if system certs could not verify rubygems.org cert
@sonalkr132 Thanks! I will backport this to RG 2.7, 3.0 and 3.1. |
Add GlobalSign Root CA - R3 cert and remove outdated certs
Add GlobalSign Root CA - R3 cert and remove outdated certs
Add GlobalSign Root CA - R3 cert and remove outdated certs
Add GlobalSign Root CA - R3 cert and remove outdated certs
Thanks. Perhaps we should wait until @dwradcliffe confirms the removal of the old cert. |
Ah, OK. I'm waiting to release the new versions of rubygems until approval from @dwradcliffe . |
I can confirm that we previously used CloudFront as the S3 CDN, and we now use Fastly instead. It is ok to remove |
Add GlobalSign Root CA - R3 cert and remove outdated certs (cherry picked from commit 9bb7da6)
I think there was still a cloudfront domain setup for legacy clients buts it’s probably time to stop supporting that. |
Add GlobalSign Root CA - R3 cert and remove outdated certs (cherry picked from commit 9bb7da6)
Add GlobalSign Root CA - R3 cert and remove outdated certs (cherry picked from commit 9bb7da6)
Add GlobalSign Root CA. rubygems/rubygems#4100 rubygems/rubygems#4105
root CA of rubygems.org (and all subdomains) was updated from GlobalSign Organization Validation CA - SHA256 - G2 to GlobalSign Root CA - R3.
GlobalSignRootCA.pem was previously used to verify server cert if system certs could not verify rubygems.org cert.
What was the end-user or developer problem that led to this PR?
Fixes when rubygem.org cert could not be verified by using system certs:
closes: #4099
What is your fix for the problem, implemented in this PR?
add GlobalSign R3 CA cert. used here to configure remove fetcher.
Make sure the following tasks are checked