The Impact of a Root Certificate Expiration

You may have heard about the recent root certificate expiration that’s been affecting a large number of sites. Root certificates are a necessary part of the certificate chain, but when they need to be replaced it affects the entire chain.

Just as the roots of a tree provide life to the leaves and branches, root certificates are the base of the certificate chain.

What is a root certificate?

In the chain of trust, a root certificate is the first link. Unlike other certificates, it is self-signed, meaning the issuer and subject are the same. It is a kind of X.509 certificate that can be used to issue other certificates. Certificate authorities (CAs) adhere to strict requirements to merit the trust of having a root certificate.

Root certificates also typically have long periods of validity, compared to intermediate certificates. They will often last for 10 or 20 years, which gives enough time to prepare for when they expire. However, there still can be hiccups in the process of switching to the new root certificate.

Fixing error due to an expired root certificate

When a root certificate expires, operating systems may flag the certificate as invalid even if you have the new root certificate. You may be able to fix the problem by deleting the expired root certificate.


3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

Featured Stories

VMC Blog Featured Image

Getting Your Logo in Your User's Inbox: Tips Learned from the VMC Gmail Pilot


What Makes Digital Signatures Secure


How Vaccine Passports Could Change Digital Identity