Unable to access websites signed by Expired AddTrust External CA when Decryption is enabled with option to block Expired Certificates

Unable to access websites signed by Expired AddTrust External CA when Decryption is enabled with option to block Expired Certificates

30066
Created On 06/01/20 10:43 AM - Last Modified 06/02/20 16:30 PM


Symptom

AddTrust External CA Root expired on 30th of May, 2020. Customers who have a Decryption Policy configured to block users from accessing a website that presents an expired certificate will get a "Certificate Error" block page when they access sites with a certificate issued by this root CA.

Reference: https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l00000117LT



Resolution
This article is now replaced by Customer advisory:
https://live.paloaltonetworks.com/t5/customer-advisories/decryption-errors-created-by-the-expired-addtrust-external-root/ta-p/330976

Please follow the advisory for up-to-date information 


Additional Information

 


Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000008UFBCA2&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments