#1 Global Leader in Data Resilience
#1 Global Leader in Data Resilience
TRY NOW
book meeting
BACK TO KB LIST

Veeam Agent for Linux - Expired Sectigo RootCA Certificates

KB ID: 4016
Product: Veeam Agent for Linux | 4.0 | 5.0 | 6.0 | 6.1 | 6.2 | 6.3 | 6.3.1
Published: 2020-09-18
Last Modified: 2023-02-08
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please, try again later.

Challenge

Veeam Agent for Linux connecting to a Cloud Repository with a seemingly valid Cloud certificate fails with "certificate has expired".
kb4015_1

Cause

On May 30th of 2020, Sectigo had an expired Root CA that will not be updated due to the age of the certificate. https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l00000117LT

 

 

Solution

To resolve this issue, the following steps must be performed:

  1. Navigate to the certificate location: cd /etc/ssl/certs
     a. Check for AddTrust_External_Root.pem: ls
kb4015_2

    b. If present, remove it with: sudo rm AddTrust_External_Root.pem

2. Next, change the directory to the configuration file for global certificates: cd /etc

         a. Edit the configuration file: sudo nano ca-certificates.conf or sudo vi ca-certificates.conf
         b. Look for mozilla/AddTrust_External_Root.crt and comment it out:

kb4015_3

3. Next, update the global cache by running: sudo update-ca-certificates

You will then be able to reconnect to the cloud repository.

RHEL/CentOS

See RedHat KB article 5117881.

SLES

Install SUSE-RU-2020:2428-1 for SLES12 or SUSE-RU-2020:2284-1 for SLES15; alternatively, upgrade ca-certificates-mozilla to version 2.42 or later.

More Information

RHEL Bug 1842174: https://bugzilla.redhat.com/show_bug.cgi?id=1842174

SUSE Bug 1174673: https://bugzilla.suse.com/show_bug.cgi?id=1174673

The AddTrust External Root certificate is removed in ca-certificates-mozilla version 2.42 and later.

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Start using Veeam:
Download the product
&
Activate the license key
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please, try again later.