
Had a bad weekend? Probably, if you're a Sectigo customer, after root cert expires and online chaos ensues
2020-06-02 06:02

On Saturday, at 10:48 UTC, Sectigo's AddTrust legacy root certificate expired, causing a bit of weekend havoc for thousands of websites and services that rely on it for making a secure TLS/SSL connection.

"Generally speaking, this is affecting older, non-browser clients which talk to TLS servers which serve a Sectigo certificate chain ending in the expired certificate," wrote Andrew Ayer, founder of SSLMate, in a blog post.

When a client connects to a TLS server, the server sends its own certificate to establish its identity, along with an intermediate certificate that links the server cert to a trusted root certificate.

After the AddTrust External CA Root and the USERTrust RSA CA intermediate certificate expired, applications like Red Hat Enterprise Linux 7, Roku's streaming media service, and Algolia started having problems.

El Reg readers report that UK-based cert biz Trustico and US-based SSLS.com have been issuing certificates that are suddenly failing because they were issued without checking that all the certs in the chain of trust are valid.
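
One way to catch this failure before clients do is to check the expiry of every certificate in the served bundle, not only the leaf. This is an added example, not code from the article or from any vendor it names; the helper names `chain_expiring` and `make_sample_chain`, the certificate subjects and the 30-day window are assumptions, and the certificates are constructed test data.

```shell
#!/usr/bin/env bash
# Added example: constructed test certificates, hypothetical names throughout.

# chain_expiring FILE DAYS
# Prints "<position> <subject>" (1 = leaf) for every certificate in the PEM
# bundle FILE that is already expired or expires within DAYS days.
chain_expiring() {
  local bundle=$1 days=$2 tmp n=0 cert
  tmp=$(mktemp -d)
  # Split the bundle into one file per certificate, keeping the served order.
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {f = sprintf("%s/%03d.pem", d, ++n)}
                   f {print > f}' "$bundle"
  for cert in "$tmp"/*.pem; do
    [ -e "$cert" ] || continue          # bundle contained no certificates
    n=$((n + 1))
    # -checkend exits non-zero when the cert expires within that many seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
      echo "$n $(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253)"
    fi
  done
  rm -rf "$tmp"
}

# make_sample_chain DIR
# Builds DIR/chain.pem from constructed certs: a leaf valid for 365 days,
# issued by a root that is valid for only 1 day.
make_sample_chain() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Legacy Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 365 -out "$d/leaf.pem" 2>/dev/null
  cat "$d/leaf.pem" "$d/root.pem" > "$d/chain.pem"
}

work=$(mktemp -d)
make_sample_chain "$work"
# A leaf-only check reports nothing; the full-chain check flags position 2.
echo "leaf only:";  chain_expiring "$work/leaf.pem" 30
echo "full chain:"; chain_expiring "$work/chain.pem" 30
```

To run it against a live service, save the bundle the server actually sends (for example from `openssl s_client -showcerts`) and pass that file instead of the sample.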


News URL

https://go.theregister.com/feed/www.theregister.com/2020/06/02/sectigo_root_cert_expires/