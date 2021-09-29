the commitment to devices constantly connected to the internet it requires the guarantee of a minimum security of its connections, to make it difficult for them to be invaded in any way. And this security is guaranteed, among other ways, through the use of SSL certificates.

Companies and non-profit entities such as Let’s Encrypt are dedicated to issue these certificates to online servers: they are known as Certification Authorities (CA). Typically, these certificates must be renewed every period, which can take up to a few years.

However, for Internet-connected devices to trust these certificates, they must have their own pre-installed certificate types, the ‘root certificates’, that can last between 20-25 years.

It felt like 20 years would never pass, right?

The problem is that the first root certificates started being issued exactly two decades ago , so they have already started to expire. Specifically, the first root certificate issued by Let’s Encrypt, the IdentTrust DST Root CA X3, will expire in three days on September 30th.

For most of our devices, this will be a normal day. , as software and hardware vendors have long since updated their firmware and operating systems …

… However, those others devices abandoned by their manufacturers after the end of their official support and therefore no longer receive updates, will suddenly be without access to the WWW. This includes, for example:

Integrated systems designed not to update automatically .

. Smartphones with old software versions.

versions of macOS prior to macOS 2016 .

. versions of MS Windows prior to Windows XP Service Pack 3 .

. PlayStations older than have not yet received firmware updates .

older than . In general, all software based on OpenSSL 1.0.2 or earlier.

In the case of Android, Let’s Encrypt announced that it has launched a cross-signing system that ‘purchase’ plus three years of validity for devices equipped with Android 7.1.1 or lower , although users using versions from 5.0 onwards. install a Firefox browser to avoid problems while browsing (includes its own certificate, regardless of operating system).

According to security researcher Scott Helme on his blog, due to its huge popularity, expiration of IdentTrust DST Root CA X3 will cause many more problems than AddTrust , another root certificate that already expired last May and that has already caused interruptions in the online availability system of Red Hat, Roku or Stripe.

Via Genbeta