Baltimore_CyberTrust_Root.crt expiring certificate

Baltimore_CyberTrust_Root.crt expiring certificate


This KB is to inform you about the expiration of the Baltimore CyberTrust Root CA certificate and clarify its impact on ZPE products.
This certificate is not required for the proper functioning of our products and does not affect service availability or security.


Warning message:
Systems running Nodegrid OS v6.0.10 and newer may display the following message:

 

Warning: A certificate is expiring. Type: Unknown. Name: /usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt. Expiration: 2025-5-12. Remaining Days: 60.


Recommended Action:

If your environment does not require this certificate for other integrations, you can safely delete it or ignore and close the warning.


For customers who have integrated third-party services that may rely on this certificate, we recommend reviewing your specific use case to determine if any adjustments are needed.



Instructions to delete certificate file:

Go to Nodegrid CLI as admin, then type: shell sudo su -  and follow the steps below: 


# sed 's:^mozilla/Baltimore_CyberTrust_Root.crt:!\0:' -i /etc/ca-certificates.conf

 

# update-ca-certificates

Updating certificates in /etc/ssl/certs...

W: /usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt not found, but listed in /etc/ca-certificates.conf.

W: /usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt not found, but listed in /etc/ca-certificates.conf.

W: /usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt not found, but listed in /etc/ca-certificates.conf.

rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL

0 added, 1 removed; done.

Running hooks in /etc/ca-certificates/update.d...

done.

 

# mount -o remount,rw /

# rm /usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt

# mount -o remount,ro /


And then wait for up to 15 minutes for the banner to be cleared.


Note

Starting in Nodegrid OS version 6.0.23 , this certificate expiration check will be turned off by default, and users can opt-in to it.


    • Related Articles

    • Customize docker data-root from Nodegrid UI

      In Nodegrid 6.0 or greater, you can customize the docker data-root from the Web UI. You can specify which disk partition to move the docker data-root. Any mounted and formatted disk partition can be used. The location will be created as /docker. If ...
    • How to Configure IPSec Host to Host tunnel with Certificate

      Version 0.1 (02 May 2018) Overview Host to Host configurations allow two nodes to established a tunnel between them. The encrypted communication will be limited just to the two nodes involved. Figure 11: Host to Host Configuration Example Details ...
    • How to Configure IPSec Host to Site Tunnel with Certificate

      Version 0.1 (02 May 2018) Overview Host to Site configurations are very similar to Host to Host configurations, especially the authentication methods are the same. Added changes to the configurations are the values for rightsourceip and rightsubnets. ...
    • How to Configure IPSec Site to Site Tunnel with Certificate

      Version 0.1 (02 May 2018) Overview Site to Site Configurations are further extension to host to site configurations. Communication is in this case expanded between multiple subnet on both sites of the connection. Subnet and communication IP addresses ...
    • Install a X.509 Certificate from a Certificate Signing Request

      Generate a Certificate Signing Request Log in Nodegrid as root: ssh root@<Nodegrid_IP> Change directory to /etc/CA: cd /etc/CA Create a RSA key: openssl genrsa -out key.pem.new 2048 Create a Certificate Signing Request: openssl req -new -sha256 -key ...