Veeam Agent for Linux - Expired Sectigo RootCA Certificates
| KB ID: | 4016 |
| Product: | Veeam Agent for Linux |
| Published: | 2020-09-18 |
| Last Modified: | 2020-09-18 |
Challenge
Cause
On May 30th of 2020, Sectigo had an expired Root CA that will not be updated due to the age of the certificate. https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l00000117LT
Solution
To resolve this issue, the following steps must be performed:
- Change directory to the certificate location: cd /etc/ssl/certs
a. Check for AddTrust_External_Root.pem: ls
b. If present, remove it with: sudo rm AddTrust_External_Root.pem
2. Next, change the directory to the configuration file for global certificates: cd /etc
a. Edit the configuration file: sudo nano ca-certificates.conf or sudo vi ca-certificates.conf
b. Look for mozilla/AddTrust_External_Root.crt and comment it out:
3. Next, update the global cache by running: sudo update-ca-certificates
You will then be able to reconnect to the cloud repository.
RHEL/CentOS
See RedHat KB article 5117881.
SLES
Install SUSE-RU-2020:2428-1 for SLES12 or SUSE-RU-2020:2284-1 for SLES15; alternatively, upgrade ca-certificates-mozilla to version 2.42 or later.
More information
RHEL Bug 1842174: https://bugzilla.redhat.com/show_bug.cgi?id=1842174
SUSE Bug 1174673: https://bugzilla.suse.com/show_bug.cgi?id=1174673
The AddTrust External Root certificate is removed in ca-certificates-mozilla version 2.42 and later.
| KB ID: | 4016 |
| Product: | Veeam Agent for Linux |
| Published: | 2020-09-18 |
| Last Modified: | 2020-09-18 |
Couldn't find what you were looking for?
Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!
