Hi Jason,

Please keep responses on the mailing list.

The expired CA cert is in /etc/ssl/cert.pem

I'll copy this from another thread that was on misc@ a while ago:
https://www.mail-archive.com/misc@openbsd.org/msg181131.html

> The solution for you is to edit /etc/ssl/cert.pem and delete
> "/O=Digital Signature Trust Co./CN=DST Root CA X3" from the file.

> Or you could also simply download the latest version of /etc/ssl/cert.pem
> from another machine:

> https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib/libcrypto/cert.pem?rev=1.24&content-type=text/plain

> And install it as /etc/ssl/cert.pem. Although, I would suggest
> making it immutable with "chflags uchg cert.pem".

Most likely the problem will go away after the update, as cert.pem should get
updated with the system.

Alternatively, since sysupgrade verifies downloaded files, it should be safe to
switch to http instead of https.
But I'd recommend trying to fix the https problem first.

Regards,
--
Łukasz Moskała

On Thu, Mar 03, 2022 at 03:46:12PM +1100, Jason F wrote:
> Hi Łukasz,
> 
> Thank you for your reply.
> 
> I have corrected the system date and time. I have got a different issue after
> executing the sysupgrade command:
> 
> Sysupgrade
> Fetching from https://cdn.openbsd.org/pub/OpenBSD/6.90/amd64
> TLS handshake failure: certificate verification failed: certificate has 
> expired.
> I rebooted and tried again. Same conclusion as above. What are the steps to
> resolve this issue? Delete the expired certificate in what file location, or do
> something else?
> 
> Thanks,
> Jason
> 
> 
> -----Original Message-----
> From: Łukasz Moskała [mailto:l...@lukaszmoskala.pl] 
> Sent: Thursday, 3 March 2022 7:49 AM
> To: Jason F; misc@openbsd.org
> Subject: Re: Unable to system upgrade
> 
> On 2.03.2022 at 11:01, Jason F wrote:
> > Hi OpenBSD support,
> > 
> >   
> > 
> > I am a new user and learning to use OpenBSD. I am unable to determine how to
> > resolve the below issue.  Unable to find information on the internet. I am
> > hoping for some assistance from experienced users or someone who has resolved
> > a similar issue.
> > 
> >   
> > 
> > My NUC box is running OpenBSD 6.8 on amd64. I am upgrading from 6.8 to 6.9
> > then 7.0. Not sure if this can be done from 6.8 to 7.0?
> > 
> >   
> > 
> > sysupgrade -r
> > 
> > Fetching from https://cdn.openbsd.org/pub/OpenBSD/6.9/amd64
> > 
> > TLS handshake failure: ocsp verify failed: ocsp response not current
> > 
> >   
> > 
> > I am not sure how to resolve this issue. I changed install URL to try at
> > different site in /etc/installurl file from
> > https://cdn.openbsd.org/pub/OpenBSD to
> > https://mirror.aarnet.edu.au/pub/OpenBSD
> > 
> >   
> > 
> > sysupgrade -r
> > 
> > Fetching from https://mirror.aarnet.edu.au/pub/OpenBSD/ /6.9/amd64/
> > 
> > Invalid signing key
> > 
> >   
> > 
> > When I rerun with https://cdn.openbsd.org/pub/OpenBSD/6.9/amd64
> > 
> > sysupgrade -r
> > 
> > SHA256.sig 100% |**** etc.  2144 00:00
> > 
> > Signature Verified
> > 
> > TLS handshake failure: ocsp verify failed: ocsp response not current
> > 
> >   
> > 
> >   
> > 
> > Happy to consult
> > 
> >   
> > 
> > Thanks
> > 
> >   
> > 
> > Jason
> > 
> >   
> > 
> Hello,
> 
>  > TLS handshake failure: ocsp verify failed: ocsp response not current
> 
> This would indicate that the system time is invalid.
> 
> Regards,
> -- 
> Łukasz Moskała
> 

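
To see which entries in a CA bundle such as /etc/ssl/cert.pem are past their notAfter date before editing the file, here is an added example that is not part of the original thread. The function name `expiring_certs` and its optional window argument are assumptions of this sketch, and it relies on an openssl(1) binary (OpenSSL or LibreSSL) being on PATH.

```shell
#!/bin/sh
# Added example, not from the thread: list the certificates in a PEM bundle
# whose notAfter falls within the next $2 seconds (default 0 = already
# expired). Prints one "subject=... notAfter=..." line per match.
# Assumption: openssl(1) is on PATH and supports "x509 -checkend".
expiring_certs() {
    bundle=$1
    window=${2:-0}
    tmpdir=$(mktemp -d) || return 1

    # Split the bundle into one file per certificate. cert.pem carries
    # comment text between entries, so only BEGIN..END blocks are kept.
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/%04d.pem", dir, n); keep = 1 }
        keep { print > out }
        /-----END CERTIFICATE-----/   { keep = 0; close(out) }
    ' "$bundle"

    for f in "$tmpdir"/*.pem; do
        [ -f "$f" ] || continue
        # -checkend N exits non-zero when the cert expires within N seconds.
        if ! openssl x509 -in "$f" -noout -checkend "$window" >/dev/null 2>&1; then
            openssl x509 -in "$f" -noout -subject -enddate | tr '\n' ' '
            echo
        fi
    done
    rm -rf "$tmpdir"
}
```

Calling `expiring_certs /etc/ssl/cert.pem` lists entries that have already expired; a second argument such as `2592000` also lists those expiring within 30 days.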