1-800-691-1991 | 9am - 8pm ET

Veeam Agent for Linux - Expired Sectigo RootCA Certificates

KB ID: 4016
Published: 2020-09-18
Last Modified: 2020-09-18


Veeam Agent for Linux connecting to a Cloud Repository with a seemingly valid Cloud certificate fails with "certificate has expired".


On May 30th of 2020, Sectigo had an expired Root CA that will not be updated due to the age of the certificate. https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l00000117LT




To resolve this issue, the following steps must be performed:

  1. Change directory to the certificate location: cd /etc/ssl/certs
     a. Check for AddTrust_External_Root.pem: ls

    b. If present, remove it with: sudo rm AddTrust_External_Root.pem

2. Next, change the directory to the configuration file for global certificates: cd /etc

         a. Edit the configuration file: sudo nano ca-certificates.conf or sudo vi ca-certificates.conf
         b. Look for mozilla/AddTrust_External_Root.crt and comment it out:


3. Next, update the global cache by running: sudo update-ca-certificates

You will then be able to reconnect to the cloud repository.


See RedHat KB article 5117881.


Install SUSE-RU-2020:2428-1 for SLES12 or SUSE-RU-2020:2284-1 for SLES15; alternatively, upgrade ca-certificates-mozilla to version 2.42 or later.

More information

RHEL Bug 1842174: https://bugzilla.redhat.com/show_bug.cgi?id=1842174

SUSE Bug 1174673: https://bugzilla.suse.com/show_bug.cgi?id=1174673

The AddTrust External Root certificate is removed in ca-certificates-mozilla version 2.42 and later.

KB ID: 4016
Published: 2020-09-18
Last Modified: 2020-09-18

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.
Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Your report was sent to the responsible team. Our representative will contact you by email you provided.
We're working on it please try again later
Knowledge base content request
By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Policy.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

ty icon

Thank you!

We have received your request and our team will reach out to you shortly.


error icon

Oops! Something went wrong.

Please go back try again later.