Certificates 06-12-2020

The Impact of a Root Certificate Expiration

DigiCert

You may have heard about the recent root certificate expiration that’s been affecting a large number of sites. Root certificates are a necessary part of the certificate chain, but when they need to be replaced it affects the entire chain.

Just as the roots of a tree provide life to the leaves and branches, root certificates are the base of the certificate chain.

What is a root certificate?

In the chain of trust, a root certificate is the first link. Unlike other certificates, it is self-signed, meaning the issuer and subject are the same. It is a kind of X.509 certificate that can be used to issue other certificates. Certificate authorities (CAs) adhere to strict requirements to merit the trust of having a root certificate.

Root certificates also typically have long periods of validity, compared to intermediate certificates. They will often last for 10 or 20 years, which gives enough time to prepare for when they expire. However, there still can be hiccups in the process of switching to the new root certificate.

Fixing error due to an expired root certificate

When a root certificate expires, operating systems may flag the certificate as invalid even if you have the new root certificate. You may be able to fix the problem by deleting the expired root certificate.

Learn more at Learn more at https://www.digicert.com/campaigns/tls-best-practices-guide#help.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-27-2024

6 actionable ways to secure the IIoT at every stage

Tracking the progress toward post-quantum cryptography

The state of PQC since the publication of FIPS 203, 204 and 205