06-11-2020

The Impact of a Root Certificate Expiration

You may have heard about the recent root certificate expiration that’s been affecting a large number of sites. Root certificates are a necessary part of the certificate chain, but when they need to be replaced it affects the entire chain.

Just as the roots of a tree provide life to the leaves and branches, root certificates are the base of the certificate chain.

What is a root certificate?

In the chain of trust, a root certificate is the first link. Unlike other certificates, it is self-signed, meaning the issuer and subject are the same. It is a kind of X.509 certificate that can be used to issue other certificates. Certificate authorities (CAs) adhere to strict requirements to merit the trust of having a root certificate.

Root certificates also typically have long periods of validity, compared to intermediate certificates. They will often last for 10 or 20 years, which gives enough time to prepare for when they expire. However, there still can be hiccups in the process of switching to the new root certificate.

Fixing error due to an expired root certificate

When a root certificate expires, operating systems may flag the certificate as invalid even if you have the new root certificate. You may be able to fix the problem by deleting the expired root certificate.

UP NEXT
file

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

Featured Stories

03-01-2021

Why It’s Never Been a Better Time to Automate

01-10-2021

DigiCert shuts down legacy Symantec TLS systems with migration of more than 250,000 customers and partners to CertCentral

11-27-2019

Looking beyond the Lock – Reliable Identity in Today’s Web Age