Sectigo AddTrust External CA Root Expiring May 30, 2020 (opens in new tab)

(support.sectigo.com)

1 pointshayzeus6y ago6 comments

6 comments

5 comments · 3 top-level

hayzeusOP6y ago· 2 in thread

So we've done some testing, and it looks like this certificate needs to be removed from the root ca bundles of Ubuntu 16.04 and earlier, as well as Debian 9 and earlier, even if these hosts are otherwise up do date (including the root certificate bundle). We've gone head and rolled out a fix, but I guess consider this a heads up.

I mean, Debian 9 isn't that old.

Its relatively easy to test -- create a host using an older, affected distribution, set the time forward to, say, 6/1/2020, and run 'curl https://crt.sh/' . You should get a ceritifcate expired error

detaro6y ago

Why does it need to be removed? Shouldn't it just cleanly expire and be ignored?

hayzeusOP6y ago

Yes -- but on older linux distributions curl, etc continue to try to use it

1 more reply

andriyk6y ago

I have this issue on my browser using my older Mac Book Air. How do I fix this in laymen's terms?

trelliscoded6y ago

I o

j / k navigate · click thread line to collapse