Hello Opto22 team,
We have a fairly recent O/S on our EPIC (3.1.0-b.14 - 1/18/2021) and the openssh library installed on that O/S is OpenSSL 1.0.2d 9 Jul 2015 - long before LetsEncrypt root authority was listed as a trusted root CA.
This is causing the EPIC to fail cert validation on all outbound TLS traffic to remote servers with certs issued by LetsEncrypt. Lots of information about this in the news because the root CA for LetsEncrypt certs expired on Oct.1 2021, and new LetsEncrypt certs aren’t trusted by the OpenSSL library from 2015.
Compare that with a RIO (older O/S 3.0.0-b.34 - 11/25/2020) which includes the OpenSSL library 1.0.2r 26 Feb 2019, and has no problem validating TLS traffic to servers with certs issued by LetsEncrypt.
Attempting to upgrade the OpenSSL library on the Epic using ‘apt-get update openssl’ shows this 2015 version as the latest.
What do you recommend we do? Do more recent EPIC O/S versions have newer versions of openssl?
I’m calling this a Y2k problem, because on Oct.1 our EPIC stopped working for all secure traffic to servers with certs issued by LetsEncrypt (and there are lots of those out there)