IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New Don't nuke the CUPS certificate
CUPS is Apple's print server setup. It is essentially a tangled set of web services and these days, encryption is enabled by default. Kill the cert and your printer may stop talking to you.

Self-signed means the cert isn't trusted beyond the local computer. That is fine for the use CUPS puts it to.

c-73-158-167-161.hsd1.ca.comcast.net is the Comcast hostname for a residential (dynamic) IP address (73.158.167.161). I can't say why Apple would have it in the keychain but if Comcast is your ISP, then it could be your cable modem.

TPM draws a "Connection not secure" error because the protected page contains unprotected links. That complaint is genuine, it is not due to a certificate problem.

If all else fails and the problem persists, you can manually download and install the cert chain from Sectigo (although, based on your adventures further down, you may have to override Safari's error dialogs.)
Expand Edited by scoenye June 1, 2020, 10:48:51 PM EDT
New Gracias..
Discovered *CUPS back in the Knoppix days, should have recalled that (guess I imagined that, if nuked, it would re-create-self on a reboot). Part-2: but not if it calls the same cert from same place. Duh.
* even managed to make it er, Print {pats ego mildly}.

In any event -- I didn't. :)

As to Box's confirmation of similar conflagration, surely we'll hear soon (?) if this was Vlad-the-Impaler or similar.
Don't care lots about the silly-level inconvenience; next: is someone fabricating an App, should this fix need a bit of individual action by multitudes..

Apreciate the brain-work, again.
     I'm back; this time re "Sectigo" - (Ashton) - (21)
         Sounds like an update is needed. - (static)
         Also, thanks. - (static)
         Wade is likely right + couple of things to check - (scoenye) - (3)
             Going there: - (Ashton) - (2)
                 Don't nuke the CUPS certificate - (scoenye) - (1)
                     Gracias.. - (Ashton)
         Here's a page that might help, if you can get there. - (Another Scott) - (1)
             Hm: gives important also-too CLUE! (Can't Go-->There, either) - (Ashton)
         Something happened with SSL certs yesterday - (malraux) - (11)
             Thanks.. helps out, 'the Loneliness of the Long-distance tyro-Debugger .. a bit :-) -NT - (Ashton) - (10)
                 major cert trust domain issue yesterday - (boxley) - (9)
                     CRL lookup service blowout? The only thing I can think of that would cause widespread mayhem. -NT - (scoenye) - (3)
                         Heh.. that moniker sent moi --> Belgium and a ∆ re (my) access to Sectigo. - (Ashton) - (2)
                             That is what is going on - (scoenye) - (1)
                                 Excellent--Lots of peripheral info there too; Bonus. -NT - (Ashton)
                     Still going on. - (malraux) - (4)
                         we use a gummint cert internal to ourselves - (boxley) - (3)
                             We didn't have browser issues - (malraux) - (2)
                                 Sectigo's SHA-1 root + intermediate certs expired. - (scoenye) - (1)
                                     I don't think that's all that happened. - (malraux)
         Teapot; Tempest-in: Thanks all! stuff works. The post-mortem amusement awaits.. -NT - (Ashton)

I thought it was Run Away From the Dots.
73 ms