
The mystery of the expiring Sectigo web certificate
2020-06-02 16:48

There's a bit of a kerfuffle in the web hosting community just at the moment over an expired web security certificate from a certificate authority called Sectigo, formerly Comodo Certificate Authority.

To make it harder for crooks to mint a web certificate in your name, your certificate has to be signed, or vouched for, by someone else, known as a certificate authority (CA).

Your server then presents your certificate together with the CA's certificate, and the CA vouches for you; if the CA's certificate is, in turn, trusted by your browser itself, the browser automatically accepts your certificate, because it has been signed by someone the browser already trusts.

There's the leaf certificate that vouches for your website; there's an intermediate certificate that vouches for your leaf; and then the intermediate certificate is vouched for by a root certificate that is itself magically imbued with vouching power because it is trusted directly by your browser or your operating system.

That's the trouble here. One of Sectigo's backwards-compatible root certificates, kept in service so that older devices that had never heard of the newer root could still build a chain, expired on 30 May 2020. Some web software still follows the chain a server sends all the way up to that expired root and fails there, even though it already has the newer root certificate in its trust store and could stop at that root and verify the chain as valid, which is what a verifier should do.
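To make that failure concrete, here is an added example (not code from the article, from Sectigo, or from any real verifier) that models certificates as plain subject/issuer/expiry records with no real cryptography and compares two chain-building strategies: following the server's chain first and only then consulting the trust store, versus checking the trust store first at every step. It goes a little beyond the article by also showing a trimmed server chain and an old client that never received the newer root. All certificate names and all dates except the 30 May 2020 expiry are constructed for illustration.

```python
"""Toy model of certificate chain building, as an illustration of why a chain
that ends in an expired legacy root fails in some verifiers but not others.

Constructed example: no keys, no signatures; matching an issuer name to a
subject name stands in for checking a signature. Names are made up.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable, Optional


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: datetime

    def is_self_signed(self) -> bool:
        return self.subject == self.issuer

    def is_valid_at(self, now: datetime) -> bool:
        return now <= self.not_after


def utc_date(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed certificates with the shape of the incident (names are invented;
# the legacy root's expiry is the 30 May 2020 date from the article).
LEGACY_ROOT = Cert("Legacy Root", "Legacy Root", utc_date(2020, 5, 30))
MODERN_ROOT = Cert("Modern Root", "Modern Root", utc_date(2038, 1, 18))
# Cross-certificate: the modern root's name (in reality also its key), signed by
# the legacy root so that clients which only trust the legacy root can chain up.
MODERN_CROSS = Cert("Modern Root", "Legacy Root", utc_date(2020, 5, 30))
INTERMEDIATE = Cert("Intermediate CA", "Modern Root", utc_date(2030, 12, 31))
LEAF = Cert("www.example.test", "Intermediate CA", utc_date(2021, 6, 1))

# "Maximum compatibility" chain as a server might send it, legacy root included.
PRESENTED_FULL = [LEAF, INTERMEDIATE, MODERN_CROSS, LEGACY_ROOT]
# The same site's chain trimmed so that it stops below the modern root.
PRESENTED_TRIMMED = [LEAF, INTERMEDIATE]
# A current client: trusts the modern root and still carries the legacy one.
STORE_CURRENT = frozenset({MODERN_ROOT, LEGACY_ROOT})
# An old client that was never updated with the modern root.
STORE_OLD = frozenset({LEGACY_ROOT})

BEFORE_EXPIRY = utc_date(2020, 5, 1)   # a date on which everything still worked
INCIDENT_DATE = utc_date(2020, 6, 2)   # the article's publication date


def by_subject(name: str, certs: Iterable[Cert]) -> Optional[Cert]:
    return next((c for c in certs if c.subject == name), None)


def build_path(presented, trust_store, now, trusted_first):
    """Build and validate a path from presented[0] up to a trusted root.

    At each step the issuer is looked up by name in two sources: the client's
    trust store and the rest of the presented chain. trusted_first=True tries
    the store first, so the path ends at the first trusted issuer reachable;
    trusted_first=False follows the presented chain as far as it goes and only
    then consults the store. The finished path is accepted only if it ends at
    a trusted self-signed certificate and nothing in it has expired.
    Returns the list of subject names on the accepted path, or None.
    """
    leaf, rest = presented[0], list(presented[1:])
    path = [leaf]
    # Bounded loop: cross-signed certificates can form cycles.
    for _ in range(len(rest) + len(trust_store)):
        if path[-1].is_self_signed():
            break
        name = path[-1].issuer
        first, second = (trust_store, rest) if trusted_first else (rest, trust_store)
        nxt = by_subject(name, first) or by_subject(name, second)
        if nxt is None:
            return None
        path.append(nxt)
    top = path[-1]
    if not (top.is_self_signed() and top in trust_store):
        return None
    if not all(c.is_valid_at(now) for c in path):
        return None
    return [c.subject for c in path]


if __name__ == "__main__":
    print("presented-chain-first, full chain, before expiry:",
          build_path(PRESENTED_FULL, STORE_CURRENT, BEFORE_EXPIRY, trusted_first=False))
    print("presented-chain-first, full chain, after expiry: ",
          build_path(PRESENTED_FULL, STORE_CURRENT, INCIDENT_DATE, trusted_first=False))
    print("trust-store-first,     full chain, after expiry: ",
          build_path(PRESENTED_FULL, STORE_CURRENT, INCIDENT_DATE, trusted_first=True))
    print("presented-chain-first, trimmed chain:            ",
          build_path(PRESENTED_TRIMMED, STORE_CURRENT, INCIDENT_DATE, trusted_first=False))
    print("old client without the modern root:              ",
          build_path(PRESENTED_FULL, STORE_OLD, INCIDENT_DATE, trusted_first=True))
```

The presented-chain-first verifier accepts the full chain until 30 May 2020 and rejects it afterwards, because the path it builds ends at the expired legacy root. The trust-store-first verifier accepts the same chain on the same date, because it stops at the modern root as soon as the intermediate's issuer matches it. The trimmed chain is accepted by both strategies, and the old client fails either way, since the only root it trusts has expired; no chain-building trick can help a client whose trust store has not been updated.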


News URL

https://nakedsecurity.sophos.com/2020/06/02/the-mystery-of-the-expiring-sectigo-web-certificate/