Expressway DST Root CA X3 root certificate expired today

Guillermo_PY
Level 1

Hello Team,

Today I got the TLS verification error between the MRA zone because the Root CA of my Expressway-E expired.

My question: is it necessary to generate my Expressway-E CSR and signed certificate again?

Because when I do the traversal certification check I get the message:

Results
Description: The Expressway-C cannot verify the CA 'R3', which signed the Expressway-E's certificate
Action: Check that this CA is in the Expressway-C's trusted CA list, which currently contains 'QuoVadis Root CA 2,  Root CA 2, IdenTrust Commercial Root CA 1, R3, ISRG Root X1'.


I would expect that if the certificate for the CA that created the signed server certificate has expired, you would need to regenerate your server certificate. The logic on this is that your chain of trust is broken. There might be other possibilities, but straight up I don't know what those are. You could try to get the new root and/or intermediate certificates from your CA and upload these to the trust store on both C and E.





See this note from Let’s Encrypt. https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

https://letsencrypt.org/certificates/

As far as I can recall from doing this update well before the certificate would expire, you need to get their current root and intermediate certificates uploaded into the trust store on both C and E.





This document explains what you would need to do. https://scotthelme.co.uk/lets-encrypt-old-root-expiration/





Guillermo_PY
Level 1

As mentioned in the document, I did the procedure, but it did not resolve my issue.

Now I will generate the cert again and upload the new signed cert.


I assume you use Acme services to get your server certificate, so it should be fairly easy to do this yourself, with no cost associated.





Guillermo_PY
Level 1

I did the procedure to re-generate the new certificate and with this, I resolved my issue.

 

OBS: I uploaded these certificates to the trusted CA on both expc and expe:

https://letsencrypt.org/certs/isrgrootx1.pem

https://letsencrypt.org/certs/lets-encrypt-r3.pem

 

Thanks for your help @Roger Kallberg @Steven L 

 

 

Great to hear. Any specific reason for why you have marked your own post as the solution?





To specify the files that were necessary to apply into the trust certificate on Expressway.
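
The check this thread circles around, as an added example that is not part of any post above: audit an exported trusted-CA bundle for CA certificates that are expired or about to expire, then confirm that a server certificate still chains to that bundle. It assumes the OpenSSL CLI (1.1.0 or later) on an admin workstation; the function names and file arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the OpenSSL CLI (1.1.0 or later).
# Function names are hypothetical.

# split_bundle BUNDLE OUTDIR: write each certificate of a PEM bundle to OUTDIR/ca-N.pem
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/ca-" n ".pem" }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$1"
}

# expiring_cas BUNDLE SECONDS: print subject and notAfter of every CA in BUNDLE
# that is already expired or expires within SECONDS. Returns 1 if any was found.
expiring_cas() {
    tmp=$(mktemp -d) || return 2
    found=0
    split_bundle "$1" "$tmp"
    for c in "$tmp"/ca-*.pem; do
        [ -f "$c" ] || continue
        # -checkend exits non-zero when the certificate expires inside the window
        if ! openssl x509 -in "$c" -noout -checkend "$2" >/dev/null; then
            openssl x509 -in "$c" -noout -subject -enddate
            found=1
        fi
    done
    rm -rf "$tmp"
    return "$found"
}

# chain_ok BUNDLE SERVER_CERT [INTERMEDIATES]: 0 if SERVER_CERT verifies using only
# the CAs in BUNDLE. INTERMEDIATES is an optional PEM file of untrusted intermediates
# (for Let's Encrypt, the R3 certificate the server presents).
chain_ok() {
    # -no-CApath keeps the system trust directory out of the decision,
    # so the result reflects the exported bundle alone.
    if [ -n "$3" ]; then
        openssl verify -no-CApath -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}
```

Run `expiring_cas` against the trusted CA list exported from both the Expressway-C and the Expressway-E, with a window such as 2592000 seconds (30 days), before and after uploading new root or intermediate certificates.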