A Let's Encrypt issue broke BINUSMAYA Praktikum (bluejack.binus.ac.id)


Reinhart Previano Koentjoro (@reinhart)

Published on Logs of the SYSTEM


As one of the main contributors on Webcompat.com, I often look at issues regarding website problems, such as A/V codecs and SSL issues. Today, let me present one of the main issues we have had recently, which surprisingly affects one of the extranet services at BINUS University, BINUSMAYA Praktikum (bluejack.binus.ac.id).

Note:

  • In order to access the site (on normal days), you'll need a valid account on BINUSMAYA, which is only available to existing BINUS University students and lecturers.
  • This issue seems to occur only on select devices, especially macOS and iOS. I've tested the site on Linux and instead got a different error saying that portal.bluejack.binus.ac.id is offline.

TL;DR: Migrate to ISRG Root X1

At Webcompat.com we often use the SSL Test service from Qualys' SSL Labs to check the SSL/TLS configuration of websites.

When comparing the SSL Test results for both bluejack.binus.ac.id and reinhart1010.id (this site), I'm quite surprised that my certificate was issued 2 days later than BINUSMAYA Praktikum's.

Here's what the SSL Test results for bluejack.binus.ac.id (as well as *.bluejack.binus.ac.id) look like:

and here's mine:

The difference? BINUSMAYA Praktikum seems to use the older IdenTrust DST Root CA X3 root certificate, while I'm already using the newer Let's Encrypt R3 root certificate, which is based on ISRG Root X1.

The same issue also affects other services, too.

Since the end of 2020, the team behind Let's Encrypt has been worried that one of the root certificates would expire this year, affecting compatibility with many older Android devices, and now it has happened. While the team has found workarounds for this, server administrators need to, at least, migrate their Let's Encrypt certificate chain from DST Root CA X3 to Let's Encrypt R3 to make sure that things keep working.

To quote from Let's Encrypt regarding this issue:

If your client handled the X3 to R3 transition smoothly, then you shouldn’t need to take action. Ensure that your client correctly uses the intermediate certificate provided by the ACME API at the end of issuance, and doesn’t retrieve intermediates by other means (e.g. hardcoding them, reusing what is on disk already, or fetching from AIA URLs).

https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
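One way to check which chain a server actually sends is to read the "Certificate chain" section printed by `openssl s_client -connect HOST:443 -showcerts`. The script below is an added example, not part of the original post: it parses that section and labels the chain by the root it leads to. The hostnames and sample outputs are constructed placeholders, and the labels (`dst-only`, `isrg-cross-signed`, `isrg-only`) are names chosen for this example.

```python
import re

OLD_ROOT = "DST Root CA X3"  # IdenTrust root named in the post (expired)
NEW_ROOT = "ISRG Root X1"    # Let's Encrypt's own root

# Match the "s:" (subject) and "i:" (issuer) lines of the "Certificate chain"
# section; the CN pattern accepts both "CN = R3" and the older "/CN=R3" style.
_ENTRY = re.compile(r"^\s*(?:\d+\s+)?([si]):(.*)$")
_CN = re.compile(r"\bCN\s*=\s*([^,/\n]+)")

def parse_chain(text):
    """Return [(subject_cn, issuer_cn), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if not m:
            continue
        cn = _CN.search(m.group(2))
        name = cn.group(1).strip() if cn else m.group(2).strip()
        if m.group(1) == "s":
            subject = name
        elif subject is not None:
            chain.append((subject, name))
            subject = None
    return chain

def classify(text):
    """Label a served chain by which root it leads clients to."""
    chain = parse_chain(text)
    subjects = {s for s, _ in chain}
    issuers = {i for _, i in chain}
    if OLD_ROOT in issuers:
        # A cross-signed ISRG Root X1 in the chain lets clients that trust
        # ISRG Root X1 anchor there; without it only the old root is reachable.
        return "isrg-cross-signed" if NEW_ROOT in subjects else "dst-only"
    return "isrg-only" if NEW_ROOT in issuers else "unknown"

# Constructed sample outputs (placeholder hostnames, not captured from real servers).
STALE = """Certificate chain
 0 s:CN = old.example.test
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
"""
MIGRATED = STALE.replace("old.", "new.").replace(
    "O = Digital Signature Trust Co., CN = DST Root CA X3",
    "C = US, O = Internet Security Research Group, CN = ISRG Root X1")

if __name__ == "__main__":
    for label, out in (("stale", STALE), ("migrated", MIGRATED)):
        print(label, parse_chain(out), classify(out))
```

A `dst-only` result means the server is still sending an intermediate issued under DST Root CA X3, which is the case the quoted advice about not reusing intermediates from disk is meant to prevent.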

This issue doesn't mean that the Let's Encrypt service should not be trusted. In fact, large organizations such as Red Hat, OpenStreetMap, and Shopify have started to use Let's Encrypt, while the service itself is now funded and supported by some of the world's prominent internet companies and organizations. Even at HIMTI BINUS University we changed our TLS certificate from Comodo to Let's Encrypt, not because of the fee, but because the older Comodo certificate only covered the main himti.or.id site and not its subdomains (e.g. hishot.himti.or.id).
