--search-keys: "gpg: error searching keyserver: No inquire callback in IPC"

Andrew Gallagher andrewg at andrewg.com
Thu Jul 29 18:16:26 CEST 2021


On 29/07/2021 08:41, Rainer Fiebig via Gnupg-users wrote:
> On 28.07.21 at 21:38, Ingo Klöcker wrote:
>> On Wednesday, 28 July 2021 18:38:07 CEST Rainer Fiebig via Gnupg-users wrote:
>>
>> Does 'gpg --keyserver hkps://pgpkeys.eu --search-keys ...' work for you?
>>
> No, same output as reported initially.

The common problem is the LetsEncrypt R3 certificate.

> * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
> * ALPN, server accepted to use http/1.1
> * Server certificate:
> *  subject: CN=keys.openpgp.org
> *  start date: Jul 26 04:32:08 2021 GMT
> *  expire date: Oct 24 04:32:06 2021 GMT
> *  subjectAltName: host "keys.openpgp.org" matched cert's "keys.openpgp.org"
> *  issuer: C=US; O=Let's Encrypt; CN=R3
> *  SSL certificate verify ok.
...
> Looks OK to me. The Let's Encrypt certificate is recognized and
> verified. Or what do you think?

I think it looks like dirmngr isn't using the same set of CAs that curl 
is using.

The missing root certificate is:

> 2021-07-28 16:06:50 dirmngr[4135.6] issuer certificate: #/CN=DST Root CA X3,O=Digital Signature Trust Co.

Can you confirm that /etc/ssl/certs/DST_Root_CA_X3.pem exists on your 
machine and has the following checksum?

```
andrewg@whippet:~$ sha256sum /etc/ssl/certs/DST_Root_CA_X3.pem
139a5e4a4e0fa505378c72c5f700934ce8333f4e6b1b508886c4b0eb14f4be99  /etc/ssl/certs/DST_Root_CA_X3.pem
```

Also, is your system clock correct? (long shot, but always worth asking 
when debugging TLS cert issues)

-- 
Andrew Gallagher
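
The two checks asked for in the message above (root CA file present with the expected checksum, system clock plausible), as an added example that is not part of the original message. The function names `check_ca_file` and `clock_in_window` are hypothetical; the path and checksum are the ones quoted in the message, and the clock check assumes you pass it a certificate's validity bounds as epoch seconds.

```shell
#!/bin/sh
# Added example, not from the original post.

# check_ca_file PATH EXPECTED_SHA256
# Returns 0 = file present and checksum matches,
#         1 = file missing or unreadable,
#         2 = file present but checksum differs.
check_ca_file() {
    ca_path=$1
    # Normalise the expected digest to lowercase, as sha256sum prints it.
    ca_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$ca_path" ] || return 1
    # sha256sum reads through symlinks, so a linked entry in the CA
    # directory is hashed by its target's content.
    ca_actual=$(sha256sum "$ca_path" | cut -d' ' -f1)
    [ "$ca_actual" = "$ca_expected" ] || return 2
    return 0
}

# clock_in_window NOT_BEFORE NOT_AFTER [NOW]   (all epoch seconds)
# Returns 0 = NOW is inside the validity window,
#         1 = clock is earlier than NOT_BEFORE (cert looks not yet valid),
#         2 = clock is later than NOT_AFTER (cert looks expired).
# NOW defaults to the local system clock.
clock_in_window() {
    cw_now=${3:-$(date +%s)}
    [ "$cw_now" -ge "$1" ] || return 1
    [ "$cw_now" -le "$2" ] || return 2
    return 0
}

# Path and checksum as quoted in the message.
CA_FILE=/etc/ssl/certs/DST_Root_CA_X3.pem
CA_SHA256=139a5e4a4e0fa505378c72c5f700934ce8333f4e6b1b508886c4b0eb14f4be99

if check_ca_file "$CA_FILE" "$CA_SHA256"; then
    echo "OK: $CA_FILE present, checksum matches"
else
    case $? in
        1) echo "MISSING: $CA_FILE not found or unreadable" ;;
        2) echo "MISMATCH: $CA_FILE differs from the expected checksum" ;;
    esac
fi
```
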
