- Veeam Support Knowledge Base
- Veeam Agent for Linux - Expired Sectigo RootCA Certificates
Veeam Agent for Linux - Expired Sectigo RootCA Certificates
Cheers for trusting us with the spot in your mailbox!
Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest
Challenge
Cause
On May 30th of 2020, Sectigo had an expired Root CA that will not be updated due to the age of the certificate. https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l00000117LT
Solution
To resolve this issue, the following steps must be performed:
- Navigate to the certificate location: cd /etc/ssl/certs
a. Check for AddTrust_External_Root.pem: ls
b. If present, remove it with: sudo rm AddTrust_External_Root.pem
2. Next, change the directory to the configuration file for global certificates: cd /etc
a. Edit the configuration file: sudo nano ca-certificates.conf or sudo vi ca-certificates.conf
b. Look for mozilla/AddTrust_External_Root.crt and comment it out:
3. Next, update the global cache by running: sudo update-ca-certificates
You will then be able to reconnect to the cloud repository.
RHEL/CentOS
See RedHat KB article 5117881.
SLES
Install SUSE-RU-2020:2428-1 for SLES12 or SUSE-RU-2020:2284-1 for SLES15; alternatively, upgrade ca-certificates-mozilla to version 2.42 or later.
More Information
RHEL Bug 1842174: https://bugzilla.redhat.com/show_bug.cgi?id=1842174
SUSE Bug 1174673: https://bugzilla.suse.com/show_bug.cgi?id=1174673
The AddTrust External Root certificate is removed in ca-certificates-mozilla version 2.42 and later.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Spelling error in text
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please try again later.
KB Feedback/Suggestion
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Thank you!
Your feedback has been received and will be reviewed.