JRahm
Jul 01, 2024

INFORM: Entrust CA will be untrusted in Chrome after Oct 31, 2024

If you manage certs from Entrust in your environment, this will impact your Google Chrome users, so intermediate certs will likely need to be bundled to handle this in your clientssl profiles OR if you control all the clients you can assure that explicit trust in the clients is enabled for Entrust CAs.

 

Google details on the situation

 

  • sgamer

    Hi Jason,

    We use Entrust for a public and private CA.  I'm having issues with the public configuration.  I'm no cert expert but I manage a ton of them on our LTMs.  Mostly I just know enough to get by with our current configurations.

    Currently we have an Entrust issuing cert and a root cert that are text based.  Someone before my time at my employer created a text file and simply copied the text of the two certs, in the respective order, into a file and then imported the file as a cert on the LTMs.  We then choose that certificate in the Chain field in SSL profiles.  Whether that's the best way to do it or not, I don't know but it's been working fine.

    Due to Entrust's mistrust, it appears we now need to create a new chain with an SSL.com CA root and a new Entrust issuing cert.  I was given two SSL root certs (an ECC and an RSA) from our security team and they both appear to be binary files so the method we used previously isn't going to work.  I don't yet have the new Entrust issuing certificate so not sure what format that will be but hopefully the same if it matters.

    If you, or anyone else, could point me in the direction of how to configure the new certificate chain I'd greatly appreciate it.

    Thanks!
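One way to turn the binary root certificates described in the post above into the same kind of text chain file, as an added example that is not part of the original thread. It assumes the binary files are DER-encoded X.509 certificates (not PKCS#7/.p7b bundles) and that the `openssl` CLI is available; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example: normalize certificates to PEM and build a chain bundle.
# Assumption: "binary" certs are DER-encoded X.509. File names are hypothetical.

# Print PEM or DER for a certificate file; return 1 if it is neither.
cert_format() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo PEM
    elif openssl x509 -inform DER -in "$1" -noout 2>/dev/null; then
        echo DER
    else
        return 1
    fi
}

# Write the certificate in file $1 to stdout as PEM, whatever its encoding.
to_pem() {
    fmt=$(cert_format "$1") || { echo "not an X.509 cert: $1" >&2; return 1; }
    openssl x509 -inform "$fmt" -in "$1" -outform PEM
}

# build_chain OUT CERT...   (pass the issuing cert first, then the root)
# The output file is only created if every input converts cleanly.
build_chain() {
    out=$1; shift
    tmp="$out.tmp.$$"
    : > "$tmp"
    for f in "$@"; do
        to_pem "$f" >> "$tmp" || { rm -f "$tmp"; return 1; }
    done
    mv "$tmp" "$out"
}

# Print subject/issuer of each cert in a PEM bundle, in file order, so you
# can confirm each cert's issuer is the subject of the cert that follows it.
show_chain() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Example call (hypothetical file names):
#   build_chain new-chain.crt entrust-issuing.cer sslcom-root-rsa.der
#   show_chain new-chain.crt
```

The output is a text file with the certificates in the order given, which can be imported the same way as the existing chain file. Build one bundle per root (RSA and ECC) rather than mixing both roots in a single chain.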