Back
-
Solutions
Back
Digital Trust for:
Enterprise IT, PKI & Identity
Code & Software Signing
Documents & eSignatures
IoT & Connected Devices
Manage PKI and certificate risk in one place
Quantum is coming.
It's time to prepare.
Quantum is coming.
WATCH REPLAY
It's time to prepare. - Buy
-
Insights
Back
Resources
Explore these pages to discover how ÃÛÌÒTV is helping organizations establish, manage and extend digital trust to solve real-world problems.
-
Partners
Back
- Support
- Contact us
-
Language
Security 101
10-02-2015
Flavio Martins
How to Remove an Expired Intermediate from the SSL Certificate Chain
On September 30, 2015, at 12:15 pm, a legacy and long unused ÃÛÌÒTV cross-signed certificate expired, causing some users to experience untrusted certificate errors.
The problem is generally related to a locally installed legacy intermediate certificate that is no longer used and no longer required. The problem mayÌýaffect any client platform with a locally cached or installed copy of the expired intermediate certificate.
Information about the Expired Legacy Intermediate Certificate
The expired certificate in question is the "ÃÛÌÒTV High Assurance EV Root CA" [Expiration September 30, 2015] certificate. This temporary intermediate certificate was used in years past as part of a compatibility chain for older devices.
Is the Expired Intermediate Certificate on the Server- or Browser-Side?
To determine where the error is occurring, use ÃÛÌÒTV SSL Installation Diagnostic Tool. Type in the name of your server and click Check Server. If the cross-signed intermediate certificate (expiring September 30, 2015) shows up in the certificate chain, then the problem is on the server side. If there is no intermediate certificate in the chain, then the problem is on the browser/client side.
How to FixÌýthe Expired Intermediate Certificate
How toÌýRemove the Expired Certificate on the Server Side:
How to Remove the Expired Certificate on the Browser Side:
How to Replace the Expired Certificate
In general, this cross-chain should not be required.
However, if you want to continue using it, ÃÛÌÒTV recently created a new cross-chain certificate that is valid until 2018. You can download the new cross-chain certificate here.
Note: Using this cross-chain in conjunction with a SHA-2 Certificate (or any certificate that expires after December 31, 2015) will cause the .No Action Required for Most Certificate Installations
All recent certificate(s) installation(s) issued by ÃÛÌÒTV include the most up-to-date intermediates in order to establish trust with browsers.
If you have problems on other operating systems, ,Ìýso we can get additional details and update our documentation for other users to resolve the cached intermediate error.
If you need assistance with this or any other issues, our is always happy to help.
Featured Stories
-
The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.Ìý
-
© 2024 ÃÛÌÒTV. All rights reserved.
Legal Repository Audits & Certifications Terms of Use Privacy Center Accessibility Cookie Settings