chromium / badssl.com

:lock: Memorable site for testing clients against bad SSL configs.
https://badssl.com
Apache License 2.0

An endpoint for Expired Root Certificates? #456

Open cogpie opened 4 years ago

cogpie commented 4 years ago

Hi, thank you for your service - just what I was looking for. I would like to make a feature request:

https://www.digicert.com/blog/impacts-of-root-certificate-expiration/

An endpoint with an expired root. I note recently that some software/libraries check for this and others do not.

Despite how rare it is, this would be another great test point. Thank you

jsha commented 3 years ago

Let's Encrypt is planning to use a cross-sign past the root's expiration date, in order to extend our Android compatibility: https://letsencrypt.org/2020/12/21/extending-android-compatibility.html. This will cause problems for certain versions of OpenSSL: https://community.letsencrypt.org/t/openssl-client-compatibility-changes-for-let-s-encrypt-certificates/143816.

We'd love to point people to a site they can use to test clients for behavior with a chain that includes an expired root. Unfortunately we (Let's Encrypt) can't do it with our own certificates, because the root we chain to (DST Root CA X3) doesn't expire until September.

lgarron commented 3 years ago

This sounds reasonable to me, if you can help send a PR. Would it make the most sense to have a general such case, or a few of them specific to some well-known expired/expiring CAs?

jsha commented 3 years ago

I think just one such case would be sufficient for our needs.

lgarron commented 3 years ago

Apologies for only keeping one eye on this; what would be a good name for this subdomain? Should we try to ask DigiCert for it?

jsha commented 3 years ago

It's not clear to me from DigiCert's blog post whether they have any certificate chains that meet these criteria. However, from @agwa's blog post at https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration, it appears that Sectigo's active intermediate Sectigo RSA Domain Validation Secure Server CA can have an appropriate chain built by adding the USERTrust RSA Certification Authority <-- AddTrust External CA Root that expired last May.

I think a good hostname would be expired-root.badssl.com, and it should be green; as in, clients should ignore the expired root and validate the chain successfully.

AGWA commented 3 years ago

@jsha My blog post describes a scenario where a server sends a chain whose last certificate is an expired intermediate. If I'm understanding Let's Encrypt's plans correctly, you'll be using a chain whose last certificate is an unexpired intermediate. Does this detail matter for the test, or does it only matter that the last certificate in the chain be issued by an expired root?
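The distinction jsha and AGWA are drawing above, as an added example that is not part of this thread or of badssl.com: a constructed test PKI built with Go's crypto/x509, in which the server sends an unexpired cross-signed intermediate whose issuer (the old root) has expired. A client that trusts the new root builds a path that never touches the expired certificate, while a client that trusts only the expired root fails. All names, dates, serials and the hostname expired-root.example are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// Constructed PKI with made-up names (not real CAs): Old Root expired on 2020-05-30 but had
// cross-signed New Root (valid to 2038), which issues Intermediate, which issues the leaf.
var checkTime = time.Date(2021, 3, 1, 0, 0, 0, 0, time.UTC) // fixed "now" for the verifier
func date(y, m, d int) time.Time { return time.Date(y, time.Month(m), d, 0, 0, 0, 0, time.UTC) }
func newKey() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
// issue signs a certificate for pub with signer under parent (self-signed when parent == nil).
func issue(cn string, serial int64, from, to time.Time, ca bool, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: to, BasicConstraintsValid: true, IsCA: ca}
	if !ca { t.DNSNames = []string{cn} } // leaf: SAN carrying the test hostname
	if parent == nil { parent = t }
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil { panic(err) }
	c, _ := x509.ParseCertificate(der)
	return c
}
// BuildPKI returns both roots and the chain a server sends: leaf, intermediate, cross-sign.
// The cross-sign is still within its own validity period; only its issuer (Old Root) has expired.
func BuildPKI() (oldRoot, newRoot *x509.Certificate, sent []*x509.Certificate) {
	oldK, newK, intK, leafK := newKey(), newKey(), newKey(), newKey()
	oldRoot = issue("Old Root", 1, date(2000, 1, 1), date(2020, 5, 30), true, nil, &oldK.PublicKey, oldK)
	newRoot = issue("New Root", 2, date(2010, 1, 1), date(2038, 1, 1), true, nil, &newK.PublicKey, newK)
	cross := issue("New Root", 3, date(2010, 1, 1), date(2024, 9, 30), true, oldRoot, &newK.PublicKey, oldK)
	inter := issue("Intermediate", 4, date(2020, 1, 1), date(2030, 1, 1), true, newRoot, &intK.PublicKey, newK)
	leaf := issue("expired-root.example", 5, date(2021, 1, 1), date(2021, 4, 1), false, inter, &leafK.PublicKey, intK)
	return oldRoot, newRoot, []*x509.Certificate{leaf, inter, cross}
}
// VerifyChain validates sent[0] against the client's trust anchors, offering the rest of the sent
// chain as candidate intermediates, and returns the length of the first valid path it finds.
func VerifyChain(sent []*x509.Certificate, trusted ...*x509.Certificate) (int, error) {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	for _, r := range trusted { roots.AddCert(r) }
	for _, c := range sent[1:] { inters.AddCert(c) }
	chains, err := sent[0].Verify(x509.VerifyOptions{DNSName: "expired-root.example",
		Roots: roots, Intermediates: inters, CurrentTime: checkTime})
	if err != nil { return 0, err } // e.g. trusting only Old Root: the sole path ends in an expired anchor
	return len(chains[0]), nil      // 3 when New Root is trusted: the cross-sign is simply never used
}
```

Pointing an older OpenSSL at the same chain is what the expired-root endpoint would exercise: a verifier that treats the sent chain as the only path rejects it even though a valid path to the new root exists.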

dz902 commented 3 years ago

Definitely needed. The self-signed root cert from osixia/openldap was expired in some older versions. I found some of the error messages from SSL clients differ, and some are quite confusing. This would make a nice addition.