COMODO/Sectigo Addtrust root CA expired 30th of May 2020

Description

On May 30th of 2020, a CA root certificate by COMODO/Sectigo Addtrust expired. After that date, any legacy systems that use this CA root certificate will experience an outage or display an error message like “certificate is expired” or “certificate is invalid” when verifying a certificate signed by COMODO/Sectigo Addtrust.

What can happen in certain cases is that you might have a certificate that is valid, but because the CA root certificate it chains to for verification is expired, you will still get a message saying that the certificate is expired or invalid.

More information on the problem and possible solutions can be found here on the official Sectigo website: https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l00000117LT

Resolution

Sectigo has other, older, legacy roots apart from the AddTrust root, and they have generated cross-certificates from one in order to extend backward compatibility. The cross certificate is signed by the root called “AAA Certificate Services”. Customers who have embedded AddTrust External CA Root into their applications or custom legacy devices may need to embed the new USERTrust RSA CA Root replacement.

Older Access Servers can contain CA root information that is outdated. To resolve that, you can update the Access Server to the latest version that contains the most up-to-date information.

If you experience problems with COMODO/Sectigo Addtrust certificates, we recommend that you contact them for support on their certificates.