#2230

In order to fix the issue with the expiration of Comodo/Sectigo CA the following actions must be done on some legacy devices/software:

Link to Cross-signed certificate:

https://comodoca.my.salesforce.com/sfc/p/#1N000002Ljih/a/3l000000VbAR/r5xd1JISSRVHeYpuB5yWee1XcPZeIVFHFx_iWXmT5M8

Link to Interlediate Comodo CA:

https://comodoca.my.salesforce.com/sfc/p/1N000002Ljih/a/1N0000000wpS/Z.rh3MmrSwuG4jT0Q64QpdfbP7Y3.HX2txjSo7katcM

This solved the issue.

For GIT/IntelliJ issue:
Please update git client

Windows: https://gitforwindows.org/

Linux:

apt update -y && apt upgrade -y 

For Linux:
Centos/Redhat7:
Run as root:

trust dump --filter "pkcs11:id=%AD%BD%98%7A%34%B4%26%F7%FA%C4%26%54%EF%03%BD%E0%24%CB%54%1A;type=cert" > /etc/pki/ca-trust/source/blacklist/addtrust-external-root.p11-kit
update-ca-trust extract

Ubuntu:
Run as root:

Edit /etc/ca-certificates.conf and put a bang/exclamation mark (!) before mozilla/AddTrust_External_Root.crt
Run update-ca-certificates

For Windows:

Install Manually the cross-signed certificate into Windows Certificate Store

For java:
Delete certificate with alias addtrustclass1ca from the JVM cacerts (in Jre/lib/security)
Add new certificate (cross-signed) for domain validation in the same JRE cacerts;
Save the cacerts and restart your app.

For Weblogic, Apache Tomcat & SpringBoot:
Delete certificate with alias addtrustclass1ca from the JVM cacerts (in Jre/lib/security)
Add new certificate (cross-signed) and intermediate for domain validation in the same JRE cacerts;
Save the cacerts and restart your app.

(You can use KeyStore Explorer to manipulate the certificates.)

————
Tags :
30 may
PKIX
mozilla certificate issue

Certificate, security

[Linux] Create a folder with quota [Network] Test network performance