Certificate Root/Intermediate Maintenance for PCs or Macs Too Old for Automatic Updates

Mindwatering Incorporated

Author: Tripp W Black

Created: 10/07/2021 at 10:51 AM

 

Category:
General PC Maintenance
Other

Issue:
Older Macs and MS Windows PCs that cannot be upgraded to a modern OS may need to be kept around for a specific task because of legacy software installed.
One problem they have is that their stored intermediate and root certificates expire, and web sites whose certificates chain to those roots do not display.

Example:
The LetsEncrypt root expired in September 2021. You can view the current chain at the "sample" site:
valid-isrgrootx1.letsencrypt.org/


MacOS:
1. Download the replacement for the expired certificate.
e.g. For the LetsEncrypt root, you download it from x1.i.lencr.org. You will download a DER file (e.g. ISRG Root X1.der).

2. Open the Keychain Access program.
(Applications --> Utilities --> Keychain Access)

3. Drag the downloaded certificate file from the Downloads folder into the System Roots view.
The new certificate will be displayed in the System Roots view. See below.





MS Windows PC:
The easiest method is to navigate to a site that uses the replacement/new root certificate for the one that has expired on the local PC. If the browser supports it, the browser will automatically prompt to install the root or intermediate certificate into the Windows certificate store.
(You may have to enter your OS login.)

e.g. For the LetsEncrypt root, you would navigate to the "sample" site:
valid-isrgrootx1.letsencrypt.org/

Alternate method:
1. Download the replacement for the expired certificate.
e.g. For the LetsEncrypt root, you download it from x1.i.lencr.org. Since the server will detect a MS Windows browser, it will start a download for a CER file (e.g. ISRG Root X1.cer).

2. Go to the Downloads folder, highlight the cer file, and Open it.

3. In the certificate window, there is a button, Install Certificate. Click it.

4. This will start an import wizard. In the wizard, choose the default option "Automatically select ...". Click Next. Click Finish.

5. Close the web browser. Open the web browser, and try the offending web site again.
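
Step 1 in both procedures downloads a file that is then trusted as a root, so it is worth comparing its SHA-256 fingerprint with the value the CA publishes before importing it. The script below is an added example, not part of the original article: it assumes Python 3 is available (on any machine that can read the file), accepts either the DER file or a Base64 .cer file, and uses illustrative function names plus a placeholder `EXPECTED_SHA256` that you fill in yourself.

```python
import base64
import hashlib
import hmac
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Placeholder: replace with the SHA-256 fingerprint published by the CA,
# obtained over a channel you trust (not from the same download).
EXPECTED_SHA256 = "<PUBLISHED-SHA256-FINGERPRINT>"

def to_der(raw):
    """Return DER bytes from a .der file or a Base64 (PEM) .cer file."""
    m = PEM_RE.search(raw)
    return base64.b64decode(m.group(1)) if m else raw

def der_length_ok(der):
    """True if the data is one DER SEQUENCE whose length matches its size.
    Catches truncated downloads and HTML error pages saved as .cer."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def fingerprint(raw):
    """SHA-256 over the DER encoding, as lowercase hex."""
    return hashlib.sha256(to_der(raw)).hexdigest()

def matches(raw, expected):
    """Compare with a published fingerprint; colons, spaces, case ignored."""
    want = re.sub(r"[^0-9a-fA-F]", "", expected).lower()
    return (der_length_ok(to_der(raw)) and len(want) == 64
            and hmac.compare_digest(fingerprint(raw), want))

if __name__ == "__main__" and len(sys.argv) == 2:
    with open(sys.argv[1], "rb") as fh:
        data = fh.read()
    print("SHA-256:", fingerprint(data))
    print("match" if matches(data, EXPECTED_SHA256) else "NO MATCH: do not install")
```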




