On May 30, the commonly used Sectigo (Comodo) Root certificate, named AddTrust External CA Root certificate will expire.
Applications that rely on the operating system’s list of trusted root certificates and the majority of modern clients should not be impacted. However, some may experience issues connecting to UC Berkeley (and other) websites that are secured by InCommon SSL/TLS certificates. These special cases include:
-
Clients using older browsers or operating systems not containing an updated list of trusted root certificates
-
Java keystores or other special cases requiring the root certificate in addition to the intermediate certificates
Java keystores or other special cases
Certain applications, such as Java KeyStores, may require providing the root certificate in addition to the intermediate certificates. Obtain certificates from a trusted source like the certificate store on your local computer or directly from the Root CA.
The root, in addition to the InCommon intermediate, provides the appropriate CA signing bundle for the above special cases. For example, if the web application is integrated with CAS and depends on a Java KeyStore or PKCS bundle, the certificate chain may need updating to include the new root certificate.
More information
CalNet Web Link (Links to the newer Root CA)