Sectigo AddTrust External CA Root Expired May 30, 2020

  • Wednesday, 3rd June, 2020
  • 16:45pm

Sectigo's legacy AddTrust External CA Root certificate expired on May 30, 2020.

Modern clients should largely be unaffected. Devices that received security updates after mid 2015 should have the modern USERTrust RSA Certification Authority root certificate (valid until Jan 2038) in their operating system or browser truststores and should be largely unaffected.

Legacy devices that have not received updates to support newer roots will also likely to be missing other essential security updates and support for standards required by the modern Internet. We strongly encourage decommissioning these devices if their software cannot be upgraded. Non-upgraded, legacy devices should never be exposed to the Internet and special mitigations should be applied to isolate them from neighbor systems.

Please note, the SSL certificate itself is active and modern devices and browsers do not show and would not show any error.

What to do if you faced any issues?

Remove the expired AddTrust External CA file from your server and replace it with the latest one. You can download the latest files from Client Area / API in a ZIP file or CRT format.


Sectigo Intermediate and Root CA Certificates

DV ECC Download Sectigo ECC DV Bundle
DV RSA Download Sectigo RSA DV Bundle
OV ECC Download Sectigo OV ECC Bundle
OV RSA Download Sectigo OV RSA Bundle
EV ECC Download Sectigo EV ECC Bundle
EV RSA Download Sectigo EV RSA Bundle


If you have any questions, please review the official announcement from Sectigo.


« Back