Hi,
Clever project!
Since Let's Encrypt may at any moment switch over to the Let's Encrypt Authority X4 intermediate for new certificates (or use the ISRG-signed intermediate rather than the cross-signed one you include in this project), there is a decent amount of risk that the mod will unexpectedly stop working.
You can review the relationship between the certificates here - https://letsencrypt.org/certificates/
If I can suggest an alternate strategy for your patching of the trust store - trust these two certificates:
- ISRG Root X1 (self-signed)
- DST Root CA X3
All Let's Encrypt intermediates in existence will always be signed by one of these two trust anchors, so Java will always be able to validate a Let's Encrypt certificate's trustworthiness just from those two roots (now and in future).
Functionally your mod should remain the same, but be less fragile to future change.
Thanks!