Page 1 of 1

Entrust [ entrustsslca ] Certificate Expiring Alert

Posted: Fri Apr 26, 2019 11:29 am
by Support_Philip
If you receive the following certificate expiration warning, it means the Entrust 1024-bit RSA Root Certificate is expiring. As with any Root certificate, it will only affect GoAnywhere MFT transfers if it is actually being used. This is very unlikely.
cert expiring.png
cert expiring.png (12.78 KiB) Viewed 3088 times
When you install GoAnywhere, you get the latest Root certificates available from Java. We provide this service so our customers don’t have to find and install each Root cert. These certs – which have expiration dates -- work with your (or your trading partner’s) signed certificates to build a trust chain for SSL/TLS connections.

When a certificate expires or is upgraded (and is still supported), you can easily find on the Internet, download and import the new cert into GA (see user guide for importing).

However, this Root CA certificate (Alias: entrustsslca shown below) has not been supported for over five years, according to the CA’s website, and it is only used for “private trust for one carrier”, so you should be able to delete it. When upgrading, older CA certs are not removed, just in case they are still in use.

As of January 1, 2014, Entrust discontinued use of the root “CN = Secure Server Certification Authority” for issuance of public trust SSL/TLS certificates. Entrust supported the removal of the root from many browser’s and operating system’s root embedding programs.

For more information: ... -rsa-root/

To make certain it is the same cert, you can use the link above to the the SHA1 fingerprint and compare it (click View from the KMS or key store as shown below).

If you want to be extremely cautious, export it first and compare to the key shown at the link above. Then you could import it if needed (hypothetic).
Note: If you using File Based keys you will need to delete it from this store as well.