GTE CyberTrust Global Root Expiration Alert

View some of the Frequently Asked Questions to our support staff. Included are some tips and tricks making this forum ideal for users getting started with GoAnywhere MFT. Note: Users can reply to existing topics but only our support staff can add new topics to this forum.
5 posts Page 1 of 1

Support_Philip

User avatar
Site Admin
Posts: 46
Joined: Wed Jun 21, 2017 8:12 am

Post by Support_Philip » Mon Jul 16, 2018 11:21 am
You may get alerts that you have an expiring Certificate Authority certificates. Most recently, the alerts have been for the GTE cert below.

Valid until: 13/Aug/2018
Serial #: 01:A5
Thumbprint: 97817950D81C9670CC34D809CF794431367EF474

Based on the information available at the links below from the cert provider (Digicert), this certificate is not being renewed, but there is only a slim chance you are using it. It has been deprecated in some browsers as mentioned in the first link.

According to Digicert Support [7/16/2018], the Baltimore CyberTrust Root cross-chain, but they weren’t able to provide a link to this information. For more information contact Digicert Support via the link below.

https://www.digicert.com/digicert-root-certificates.htm

https://www.digicert.com/blog/what-the- ... ots-means/


Why does this happen?

When you install GoAnywhere, you get the latest Root certificates available from Java. We provide this service so our customers don’t have to find and install each Root cert. These certs – which have expiration dates -- work with your (or your trading partner’s) signed certificates to build a trust chain for SSL/TLS connections. When a certificate expires or is upgraded, you can easily find, download and import the new cert into GA (see user guide for importing). In the case of the GTE CyberTrust Global Root, Digicert does not seem to be providing this. We have been unable to get an official response from Digicert, but the link above implies that if you are using an old certificate that relies on this Root cert, you would need to renew your certificate. At that time, it would rely on a much newer Root cert. The same would hold true for your trading partner, but it would be their responsibility to make available the new certificate to you.
Philip Horn
Senior Support Analyst
e. philip.horn@helpsystems.com
p. 1-800-949-4696
w. GoAnywhere.com | HelpSystems.com

smithla2

Posts: 1
Joined: Tue May 22, 2018 4:13 pm

Post by smithla2 » Tue Jul 17, 2018 10:49 am
Key Alias: gtecybertrustglobalca

Support_Julie

User avatar
Support Specialist
Posts: 91
Joined: Thu Mar 05, 2009 3:49 pm
Location: Ashland, NE USA

Post by Support_Julie » Wed Aug 01, 2018 1:44 pm
You may also see an alert for an Equifax certificate that is being retired.
Please refer to this link: https://www.geotrust.com/resources/root ... tired.html
Julie Rosenbaum
Sr Support Analyst
e. goanywhere.support@helpsystems.com
p. 1.800.949.4696
w. HelpSystems.com

ssdpl1

Posts: 1
Joined: Thu Jul 02, 2015 7:55 am

Post by ssdpl1 » Wed Aug 08, 2018 7:49 am
Are we safe to simply delete the cert so we don't receive the error daily? Is there a way to know if something is using the cert?

Support_Philip

User avatar
Site Admin
Posts: 46
Joined: Wed Jun 21, 2017 8:12 am

Post by Support_Philip » Fri Aug 17, 2018 11:46 am
As the GTE CyberTrust Global Root is being replaced by the Baltimore CyberTrust Root , you should be safe to delete it. Additionally, the certificate should no longer be in use as it has since expired.
Philip Horn
Senior Support Analyst
e. philip.horn@helpsystems.com
p. 1-800-949-4696
w. GoAnywhere.com | HelpSystems.com
5 posts Page 1 of 1