
Let’s Encrypt and iTunes podcasts - dominicrodger
https://www.dominicrodger.com/2016/02/29/lets-encrypt-itunes-podcasts/
======
hlieberman
Interesting. IdenTrust, who cross-signs Let's Encrypt, has been in the root CA
lists for a long time. (Mozilla merged this particular root certificate, DST
Root X3, in 2008, as a replacement for existing expiring IdenTrust roots.)

~~~
pfg
The problem seems to be Java/Oracle's root store, where IdenTrust is not
included. Let's Encrypt has stated that they have applied to Oracle's root
program with their own root certificate, so hopefully this will eventually be
solved in a future Java version.

------
exolymph
Maybe a little HN attention will prompt them to take a look at this issue.

~~~
sjwright
Hopefully. I'm willing to give Apple the benefit of the doubt here that this
was unintended oversight. Practically speaking, iTunes should use exactly the
same SSL infrastructure as Safari.

~~~
pritambaral
The problem is in iTunes's server side component, not the app running in OS X
on user computers. But yeah, it should have kept up.

