In order for a browser to authenticate a website, it presents itself as a valid chain of certificates. A typical chain is shown at the top and may have more than one intermediate certificate. The minimum number of certificates in a valid chain is three.
The root certificate is the heart of the certification authority. It is literally built into your OS or browser, it is physically present on your device. You can't change it from the server side. You need to force an OS or firmware update on your device.
Security Specialist Scott Helme that the main problems will arise with the Let's Encrypt certificate authority, because today it is the most popular CA on the Internet, and its root certificate will soon go out. Changing the Let's Encrypt Root .
Certificate Authority (CA) end and intermediate certificates are delivered to the client from the server, while the root certificate is delivered to the client already have, so with this collection of certificates, you can chain together and authenticate the website.
The problem is that every certificate has an expiration date, after which it needs to be replaced. For example, from September 1, 2020, the Safari browser plans to introduce a limitation on the validity period of server TLS certificates .
This means that we will all have to replace server certificates at least every 12 months. This limitation only applies to server certificates, it not applies to root CA certificates.
CA certificates are governed by a different set of rules and therefore have different validity limits. It is very common to see intermediate certificates with a validity period of 5 years and root certificates with a lifetime of even 25 years!
There are usually no problems with intermediate certificates, because they are supplied to the client by the server, which itself changes its own certificate much more often, so that it simply replaces the intermediate one during this procedure. It's fairly easy to replace along with the server certificate, as opposed to the root CA certificate.
As we have already said, the root CA is built directly into the client device itself, into the OS, into the browser or other software. Changing the root CA is beyond the control of the website. This requires an update on the client, be it an OS or software update.
Some root CAs have been around for a very long time, about 20-25 years. Soon some of the oldest root CAs will be nearing the end of their natural life, their time almost up. For most of us, this won't be a problem at all, because CAs have created new root certificates, and they've been distributed all over the world in OS and browser updates for years. But if someone hasn't updated their OS or browser in a very long time, that's kind of a problem.
This situation arose on May 30, 2020 at 10:48:38 GMT. This is the exact time when from Comodo Certificate Authority (Sectigo).
It was used for cross-signing to ensure compatibility with legacy devices that do not have the new USERTrust root certificate in store.
Unfortunately, problems arose not only in legacy browsers, but also in non-browser clients based on OpenSSL 1.0.x, LibreSSL and . For example, in TV boxes , service , in Fortinet, Chargify, .NET Core 2.0 on Linux, and .
It was assumed that the problem would only affect legacy systems (Android 2.3, Windows XP, Mac OS X 10.11, iOS 9, etc.), since modern browsers can use the second USERTRust root certificate. But in fact, hundreds of web services that used the free libraries OpenSSL 1.0.x and GnuTLS began to fail. A secure connection could not be established with an outdated certificate error.
Next - Let's Encrypt
Another good example of an upcoming root CA change is the Let's Encrypt CA. More they planned to move from the Identrust chain to their own ISRG Root chain, but this .
βDue to concerns about the under-propagation of ISRG root on Android devices, we have decided to move the transition date to native root from July 8, 2019 to July 8, 2020,β Let's Encrypt said in an official post.
The date had to be rescheduled due to a problem that is called "root propagation", or more specifically, the lack of root propagation when the root CA is not widely distributed on all clients.
Let's Encrypt currently uses a cross-signed intermediate certificate chained to the IdenTrust DST Root CA X3 root. This root certificate was issued back in September 2000 and will expire on September 30, 2021. Until then, Let's Encrypt plans to switch to its own self-signed ISRG Root X1.
The ISRG root was released on June 4, 2015. After that, the process of its approval as a certification authority began, which ended . From that point on, the root CA was made available to all clients through an operating system or software update. All you had to do was install the update.
But therein lies the problem.
If your mobile phone, TV or other device has not been updated for two years - how does it know about the new ISRG Root X1 root certificate? And if it is not installed on the system, then all Let's Encrypt server certificates will be invalidated by your device as soon as Let's Encrypt moves to a new root. And in the Android ecosystem, there are many outdated devices that have not been updated for a long time.
Android Ecosystem
This is why Let's Encrypt has postponed the transition to its own ISRG root and still uses an intermediate that descends to the IdenTrust root. But the transition will have to be made anyway. And the date of the root change is appointed .
To check that your device (TV, set-top box or other client) has ISRG X1 root installed, open the test site . If you don't see a security warning, you're usually fine.
Let's Encrypt isn't the only one facing the problem of moving to a new root. Cryptography on the Internet began to be used a little more than 20 years ago, so right now is the time for the expiration of many root certificates.
Owners of smart TVs who have not updated their Smart TV software for many years may encounter such a problem. For example, the new GlobalSign root was released in 2012, and after that some old Smart TVs cannot build a chain to it, because they simply do not have this root CA. In particular, these clients could not establish a secure connection to bbc.co.uk. To solve the problem, the BBC admins had to resort to a trick: they through additional intermediate certificates, using old roots ΠΈ that are not yet rotten.
www.bbc.co.uk (Leaf) GlobalSign ECC OV SSL CA 2018 (Intermediate) GlobalSign Root CA - R5 (Intermediate) GlobalSign Root CA - R3 (Intermediate)
This is a temporary solution. The problem will not go away if you do not update the client software. A smart TV is essentially a Linux computer with limited functionality. And without updates, its root certificates will inevitably go bad.
This applies to all devices, not just TVs. If you have any device that is connected to the Internet and that has been advertised as a "smart" device, then the problem with rotten certificates is almost certainly related to it. If the device is not updated, then the CA root store will become outdated over time, and eventually the problem will resurface. How soon the problem occurs depends on when the root store was last updated. This may be several years before the actual release date of the device.
By the way, this is the problem, why some major media platforms cannot use modern automated certificate authorities like Let's Encrypt, writes Scott Helme. They are not suitable for smart TVs, and the number of roots is too small to guarantee certificate support on legacy devices. Otherwise, the TV simply will not be able to launch modern streaming services.
The latest AddTrust incident showed that even large IT companies are not ready for the fact that the root certificate expires.
There is only one solution to the problem - updating. Smart device developers should provide a mechanism for updating software and root certificates in advance. On the other hand, it is unprofitable for manufacturers to ensure the operation of their devices after the end of the warranty period.
Source: habr.com