Desktop: Expired AddTrust External CA Root

Created on 30 May 2020  ·  5 Comments  ·  Source: nextcloud/desktop

Expected behaviour

My server certificate (Sectigo) should expire on the 21st of November 2020.

Actual behaviour

The root certificate has expired (AddTrust External CA Root and USERTrust ECC Certification Authority)

Date de début de validité : mar. mai 30 10:48:38 2000 GMT
Date d'expiration : sam. mai 30 10:48:38 2020 GMT

Works like a charm in browsers (Chromium and Firefox, because they use the new root certificate)

Steps to reproduce

  1. Get a Sectigo certificate
  2. Install it
  3. Wait until the 30th of May for it to expire

Client configuration

Client version: 2.6.4stable-Win64 (build 20200303)

Operating system: Windows 10

Logs

  1. Client logfile:
Impossible de se connecter de manière sécurisée à ######### :
Le certificat racine de la chaîne de certificats est auto-signé et non approuvé
Le certificat a expiré
avec certificat AddTrust External CA Root
Organisation : AddTrust AB
Unité : AddTrust External HTTP Network
Pays : SE
Empreinte (SHA1) : 02:fa:f3:e2:91:43:54:68:60:78:57:69:4d:#############
Empreinte (SHA-256): 68:7f:a4:51:38:22:78:ff:f0:c8:b1:1f:8d:43:d5:76:67:1c:6e:b2:bc:ea:b4:13:fb:############
Empreinte (SHA-512): 49:dd:7c:ce:6f:71:1e:c3:ad:ff:46:08:ba:d3:af:ce:9a:85:f7:27:9e:3f:e1:b5:d8:a8:7c:65:34:a7:90:90:bd:3c:c8:97:b5:7f:d3:10:cd:7a:ef:90:2b:26:0d:58:5f:ea:1d:39:01:52:6c:87:4f:###############

Date de début de validité : mar. mai 30 10:48:38 2000 GMT
Date d'expiration : sam. mai 30 10:48:38 2020 GMT
Émetteur : AddTrust External CA Root
Organisation : AddTrust AB
Unité : AddTrust External TTP Network
Pays : SE

Le certificat a expiré
avec certificat USERTrust ECC Certification Authority
Organisation : The USERTRUST Network
Unité : <non spécifié>
Pays : US
Empreinte (SHA1) : c0:1b:84:63:c8:61:96:76:ba:10:2e:eb:f0:c3:###########
Empreinte (SHA-256): c2:b2:5b:ad:6f:6e:d6:52:16:ca:da:d7:42:0b:e9:a3:c7:87:b7:78:9f:4c:02:22:c3:5a:###########
Empreinte (SHA-512): 6f:38:f1:cf:37:bd:92:9c:89:a5:ac:6f:15:63:0a:e4:4f:1d:9d:bf:aa:01:6d:08:b3:0a:36:7b:ea:ea:bd:17:e5:b3:ee:89:be:2a:79:c8:a7:8a:50:db:7c:e8:8e:66:77:99:0e:ea:98:bf:1e:###################

Date de début de validité : mar. mai 30 10:48:38 2000 GMT
Date d'expiration : sam. mai 30 10:48:38 2020 GMT
Émetteur : AddTrust External CA Root
Organisation : AddTrust AB
Unité : AddTrust External TTP Network
Pays : SE
0. Needs triage needs info

All 5 comments

Same here.

AddTrust External CA Root has expired.

https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration
https://twitter.com/__agwa/timelines/1266777818811322368

I'm not sure if there is anything to do for Nextcloud. It depends on whether the client is using the system's certificate storage ~(then you should be able to fix the issue by adding the intermediate certificate to your operating system's certificate storage)~; otherwise we need to bump the certificate bundle. Probably easier for some of you to migrate to Let's Encrypt.

cc @misch7 @er-vin

@kesselb this is a perfect workaround! In my case, I reissued my certificate at the same time ;)

The new root certificate differs from modern browsers: I got AAA Certificate Services

We indeed don't bundle certificates; we're getting their status through Qt APIs, which AFAIK talk to the system indeed.
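
A check related to the report above, added here as an example (it is not part of the issue thread or of Nextcloud's code): a shell function that lists which certificates in a PEM chain have expired, using the `openssl` CLI. The function name `expired_in_chain`, the script name and the host name in the comment are assumptions.

```shell
#!/bin/sh
# Added example: list certificates in a PEM chain that have expired.
# Requires the openssl CLI. A chain can be captured from a server with, e.g.
# (cloud.example.com is a placeholder host):
#   openssl s_client -connect cloud.example.com:443 -showcerts </dev/null >chain.pem

# expired_in_chain FILE [HORIZON_SECONDS]
# Prints "subject | notAfter" for every certificate in FILE that is no longer
# valid HORIZON_SECONDS from now (default 0, i.e. already expired).
# Returns 0 when nothing is flagged, 1 otherwise.
expired_in_chain() {
    chain=$1
    horizon=${2:-0}
    tmp=$(mktemp -d) || return 2
    # Split the input into one file per certificate; text outside the
    # BEGIN/END markers (such as s_client diagnostics) is ignored.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$chain"
    status=0
    for pem in "$tmp"/cert*.pem; do
        [ -e "$pem" ] || continue
        # -checkend exits non-zero if the certificate is expired at now+horizon.
        if ! openssl x509 -in "$pem" -noout -checkend "$horizon" >/dev/null 2>&1; then
            subject=$(openssl x509 -in "$pem" -noout -subject)
            enddate=$(openssl x509 -in "$pem" -noout -enddate)
            printf '%s | %s\n' "$subject" "$enddate"
            status=1
        fi
    done
    rm -rf "$tmp"
    return "$status"
}

# Stand-alone use: sh check_chain.sh chain.pem
if [ "$#" -gt 0 ]; then
    expired_in_chain "$@"
fi
```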
