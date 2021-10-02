Some users, who use old devices to access the internet, are reporting problems during the last Thursday (11) due to the expiration of a security certificate provided by Let’s Encrypt, one of the largest HTTPS certificate companies in the world.

It was around

in the morning, Brasilia time, that the IdentTrust DST Root CA X3 root certificate has expired. It allowed the connection of old cell phones and computers, without updates in the last five years, securely to websites that used it.

Root certificates serve as a link key between a device , whether it’s a cell phone or computer, and the internet. They are an element that ensures that connections are secure and encrypted.

The sites that used the certificate were warned in advance that it would expire in September, but even so, many users are not accessing some sites after the date. Error message displayed on devices affected by the expired certificate. (Image: Screenshot/Dácio Augusto)

The ZDNET website has confirmed that the following pages are affected. We emphasize that potentially there are more addresses affected, but that have not yet been identified:

Palo Alto

Bluecoat

Cisco Umbrella

Catchpoint

Guardian Firewall

Monday.com

PFsense

Google Cloud Monitoring

Azure Application Gateway

OVH Auth0

Shopify

Xero

QuickBooks

Fortinet



Heroku

Rocket League

InstaPage

Ledger

Netlify

Cloudflare Pages

Some of the affected websites have alerted users to possible issues as of certificate expiration date . Services such as Fortinet have told the ZDNET portal that they are already aware of the problem and are providing temporary solutions for users with older devices that use the platform’s services.

A survey by the TechCrunch website showed which devices may be affected by the expiration of the IdentTrust DST Root CA X3 certificate are the ones running macOS systems released by 95, Windows XP with Service Pack 3, video game consoles released before 2019 and not receiving updates from firmware and any tools that need OpenSSL 1.0.2 to work. Devices with Android 7.1.1 or earlier will also have issues due to the expired certificate.

Preventing issues with certificates

Tim Callan, a specialist in digital certificates, explained to an article on the ZDNET portal that all modern digital systems, even the security ones, need certificates to work.

Callan states that the consequences of the expiration of a certificate can be as varied as the systems that make use of it, and in the case where access failures occur, other related systems may be affected, even if they do not make use of that specific certificate.

The certificate specialist suggests, as a way of prevention, that companies check which certificates their systems are using and which ones are supported. Thus, they will be able to identify where possible access failures may occur in the future and be prepared, preventing situations like the one created by IdentTrust DST Root CA X3 from occurring.

Source: ZDNET, TechCrunch