Sectigo AddTrust Root Expiration - Effects and Resolution
Zesty.io uses Sectigo (previously Comodo) as a certificate authority. An AddTrust legacy root cross-sign certificates in place to increase support old systems and devices expired on May 30th, 2020. This would affected many applications or installations that depend on this cross-signed root to make requests to Zesty.io services. It also could affect old operating systems that have not received updates.
The effect would be requests would be see as non-secure, even though they were secure. This would happen because the requesting legacy system would not have the latest information to verify the secure connection.
Resources to learn more:
- Sectigo official annoucement: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020
- Great summary from Berkely: https://calnetweb.berkeley.edu/calnet-technologists/incommon-sectigo-certificate-service/addtrust-external-root-expiration-may-2020
- Troublingshooting blog: https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration
- Troubleshooting Q&A on Twitter: https://twitter.com/__agwa/status/1266770821932027911
How this affects you as a Zesty.io user?
API Consumption: Systems that consume Zesty.io APIs will need to make sure they have a new server operating system that receive security updates to be able to confirm connections to our API are secure. If you are experiencing this issue your server will return an error like: "certificate verify failed (certificate has expired)"
Instant JSON or Preview Server Consumption: Systems that consume Zesty.io's preview URLs (for example https://xyzxyz-dev.preview.zesty.io) need to make sure they have a new server operating system that receive security updates which can confirm connections to our API are secure. If you are experiencing this issue your server will return an error like: "certificate verify failed (certificate has expired)"
Instant JSON or Preview Browser Consumption: Older Operating Systems that have not been updated will receive a non-secure connection error when consuming Zesty.io's preview URLs (for example https://xyzxyz-dev.preview.zesty.io) will need to update their operating system.
ATOM editor developers: Developers using the Zesty.io ATOM plugin will need to update to the latest version 0.46.5 https://atom.io/packages/zestyio-atom
By Randy Apuzzo
Randy has had a penchant for computer programming from an early age and started applying his skills to build business software in 2004. Randy's stack of skills range from programming, system architecture, business know-how, to typographic design; which lends to a truly customer-centric and business effective software design. He leads the Zesty.io team as CEO.