This KB is to inform you about the expiration of the Baltimore CyberTrust Root CA certificate and clarify its impact on ZPE products.
This certificate is not required for the proper functioning of our products and does not affect service availability or security.
Warning message:
Systems running Nodegrid OS v6.0.10 and newer may display the following message:
Warning: A certificate is expiring. Type: Unknown. Name: /usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt. Expiration: 2025-5-12. Remaining Days: 60.
Recommended Action:
If your environment does not require this certificate for other integrations, you can safely delete it or ignore and close the warning.
For customers who have integrated third-party services that may rely on this certificate, we recommend reviewing your specific use case to determine if any adjustments are needed.
# sed 's:^mozilla/Baltimore_CyberTrust_Root.crt:!\0:' -i /etc/ca-certificates.conf
# update-ca-certificates
Updating certificates in /etc/ssl/certs...
W: /usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt not found, but listed in /etc/ca-certificates.conf.
W: /usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt not found, but listed in /etc/ca-certificates.conf.
W: /usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt not found, but listed in /etc/ca-certificates.conf.
rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
0 added, 1 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
# mount -o remount,rw /
# rm /usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt
# mount -o remount,ro /