Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#51520 closed defect (bug) (wontfix)

Add certificates for “Staat der Nederlanden Private Root CA – G1” certificate chain

Reported by: rockfire's profile rockfire Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: HTTP API Keywords:
Focuses: Cc:

Description

We are using an API which as of September 28th of this year is using the new “Staat der Nederlanden Private Root CA – G1” certificate chain (see: https://developers.kvk.nl/guides). Since these certificates aren't in the wp-includes/certificates/ca-bundle.crt a call to the API using wp_remote_get fails. Can these certificates be added?

This issue can be tested by doing the following call:
wp_remote_get( 'https://api.kvk.nl/api/v2/testsearch/companies?kvkNumber=69599084' );

Change History (2)

#1 @fierevere
4 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

Please note: the certificate chain in the example link is invalid for Mozilla (and other CA bundles)

You can see full report here: https://www.ssllabs.com/ssltest/analyze.html?d=api.kvk.nl&latest

Why should WordPress add an invalid certificate to its bundle?

You can follow that site instructions to fix this issue for you locally
You can even append certificate to your local WordPress
wp-includes/certificates/ca-bundle.crt
but you have to do this after every reinstall/core update.

#2 @SergeyBiryukov
4 years ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.