Certificates 06-12-2020

The Impact of a Root Certificate Expiration

DigiCert

You may have heard about the recent root certificate expiration that’s been affecting a large number of sites. Root certificates are a necessary part of the certificate chain, but when they need to be replaced it affects the entire chain.

Just as the roots of a tree provide life to the leaves and branches, root certificates are the base of the certificate chain.

What is a root certificate?

In the chain of trust, a root certificate is the first link. Unlike other certificates, it is self-signed, meaning the issuer and subject are the same. It is a kind of X.509 certificate that can be used to issue other certificates. Certificate authorities (CAs) adhere to strict requirements to merit the trust of having a root certificate.

Root certificates also typically have long periods of validity, compared to intermediate certificates. They will often last for 10 or 20 years, which gives enough time to prepare for when they expire. However, there still can be hiccups in the process of switching to the new root certificate.

Fixing error due to an expired root certificate

When a root certificate expires, operating systems may flag the certificate as invalid even if you have the new root certificate. You may be able to fix the problem by deleting the expired root certificate.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

04-28-2022

Digital Trust as an IT Imperative

03-28-2022

The Seven Habits of Highly Trustworthy Devices

02-17-2022

How the Smart Seal Displays Trust for an Innovative Provider of Quantum-Safe Security Solutions