Unable to access websites signed by Expired AddTrust External CA when Decryption is enabled with option to block Expired Certificates

Unable to access websites signed by Expired AddTrust External CA when Decryption is enabled with option to block Expired Certificates

33311
Created On 06/01/20 10:43 AM - Last Modified 06/02/20 16:30 PM


Symptom


AddTrust External CA Root expired on 30th of May, 2020. Customers who have a Decryption Policy configured to block users from accessing a website that presents an expired certificate will get a "Certificate Error" block page when they access sites with a certificate issued by this root CA.

Reference: https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l00000117LT

Resolution


This article is now replaced by Customer advisory:
https://live.paloaltonetworks.com/t5/customer-advisories/decryption-errors-created-by-the-expired-addtrust-external-root/ta-p/330976

Please follow the advisory for up-to-date information 

Additional Information



 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000008UFBCA2&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail