WordPress.org

Make WordPress Core

Opened 12 months ago

Closed 12 months ago

Last modified 12 months ago

#51520 closed defect (bug) (wontfix)

Add certificates for “Staat der Nederlanden Private Root CA – G1” certificate chain

Reported by: rockfire Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: HTTP API Keywords:
Focuses: Cc:

Description

We are using an API which as of September 28th of this year is using the new “Staat der Nederlanden Private Root CA – G1” certificate chain (see: https://developers.kvk.nl/guides). Since these certificates aren't in the wp-includes/certificates/ca-bundle.crt a call to the API using wp_remote_get fails. Can these certificates be added?

This issue can be tested by doing the following call:
wp_remote_get( 'https://api.kvk.nl/api/v2/testsearch/companies?kvkNumber=69599084' );

Change History (2)

#1 @fierevere
12 months ago

  • Resolution set to wontfix
  • Status changed from new to closed

Please note: the certificate chain in the example link is invalid for Mozilla (and other CA bundles)

You can see full report here: https://www.ssllabs.com/ssltest/analyze.html?d=api.kvk.nl&latest

Why should WordPress add an invalid certificate to its bundle?

You can follow that site instructions to fix this issue for you locally
You can even append certificate to your local WordPress
wp-includes/certificates/ca-bundle.crt
but you have to do this after every reinstall/core update.

#2 @SergeyBiryukov
12 months ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.