Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Maintained by Hanno Böck.
28 Oct 2021
On September 30, the root certificate with the common name DST Root CA—owned by the company IdenTrust—expired. Notably, this certificate was used by Let’s Encrypt to cross-sign its intermediate certificates in the past.
Technically, two expiration events happened on this day: the old Let’s Encrypt intermediate certificate expired a few hours before the root certificate. Both events caused a number of problems.
The intermediate expiration mainly caused issues with hosts still serving the expired intermediate. In such a situation, many client applications are unable to validate the leaf certificate for that site. Although this issue was widespread, it was relatively simple to understand and easy to fix by delivering the new certificate.Read More
This subscription is just for the newsletter; we won't send you anything else.
Designed by Ivan Ristić, the author of SSL Labs, Bulletproof TLS and PKI, and Hardenize, our course covers everything you need to know to deploy secure servers and encrypted web applications.
Remote and trainer-led, with small classes and a choice of timezones.
Join over 1,500 students who have benefited from more than a decade of deep TLS and PKI expertise.