WordPress.org

Make WordPress Core

Opened 5 months ago

Closed 5 months ago

Last modified 5 months ago

#51520 closed defect (bug) (wontfix)

Add certificates for “Staat der Nederlanden Private Root CA – G1” certificate chain

Reported by: rockfire Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: HTTP API Keywords:
Focuses: Cc:

Description

We are using an API which as of September 28th of this year is using the new “Staat der Nederlanden Private Root CA – G1” certificate chain (see: https://developers.kvk.nl/guides). Since these certificates aren't in the wp-includes/certificates/ca-bundle.crt a call to the API using wp_remote_get fails. Can these certificates be added?

This issue can be tested by doing the following call:
wp_remote_get( 'https://api.kvk.nl/api/v2/testsearch/companies?kvkNumber=69599084' );

Change History (2)

#1 @fierevere
5 months ago

  • Resolution set to wontfix
  • Status changed from new to closed

Please note: the certificate chain in the example link is invalid for Mozilla (and other CA bundles)

You can see full report here: https://www.ssllabs.com/ssltest/analyze.html?d=api.kvk.nl&latest

Why should WordPress add an invalid certificate to its bundle?

You can follow that site instructions to fix this issue for you locally
You can even append certificate to your local WordPress
wp-includes/certificates/ca-bundle.crt
but you have to do this after every reinstall/core update.

#2 @SergeyBiryukov
5 months ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.