AddTrust or UserTrust root CA causes connectivity issues
The AddTrust root certificate expired on 30th May 2020 and any USS Gateway device that hasn't been updated will fail to verify the clouduss.com domain due to the TLS certificate referencing AddTrust in its chain. Although this should not have impacted any modern OS, some Ubuntu 16.04 certificate stores have not been updated and this can lead to TLS/SSL verification errors when accessing various web sites.
The steps to resolve this issue are as follows:
- Log in to the USS Gateway device as a root user (see Accessing the Command Line)
- Run:
nano /etc/ca-certificates.conf
and use the arrow keys to find the line containing "AddTrust_External_Root.crt" or "AddTrustExternalRoot.crt"
- Delete the whole line
- Save the file by holding down Ctrl and pressing the letter O, then exit by holding down Ctrl and pressing the letter X
- Remove the old AddTrust_External_Root.crt certificate file by running the following commands. One command may fail; this is expected, as the file will be in one of the two locations depending on your system.
rm /usr/local/share/ca-certificates/AddTrustExternalRoot.crt
rm /usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt
- Run:
update-ca-certificates --fresh
- Run:
/etc/init.d/uss-squid stop
- Wait 10 seconds
- Run:
/etc/init.d/uss-squid start
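
For gateways where hand-editing in nano is impractical, the /etc/ca-certificates.conf edit above can be scripted. This is an added example, not vendor-supplied code: the function names are hypothetical, and with no argument it works on a constructed sample file rather than the live configuration. The rm, update-ca-certificates --fresh and uss-squid restart steps still follow as listed.

```shell
#!/bin/sh
# Added example, not vendor code. Defaults to a constructed sample file so it
# is safe to run anywhere; pass /etc/ca-certificates.conf to act on a gateway.

# The two file names the article says to look for.
ADDTRUST_RE='AddTrust_External_Root\.crt|AddTrustExternalRoot\.crt'

# Print matching entries with their line numbers; exit status 1 if none.
list_addtrust() {
    grep -nE "$ADDTRUST_RE" "$1"
}

# Delete every matching line, keeping the original as <file>.bak.
# Succeeds only if no AddTrust entry is left afterwards.
remove_addtrust() {
    conf=$1
    cp -p "$conf" "$conf.bak" || return 1
    # Write through the existing file so its owner and mode are preserved.
    sed -E "/$ADDTRUST_RE/d" "$conf.bak" > "$conf" || return 1
    ! grep -qE "$ADDTRUST_RE" "$conf"
}

# Constructed sample in ca-certificates.conf format (one certificate per line).
make_sample() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
# constructed sample, not a real gateway file
mozilla/ACCVRAIZ1.crt
mozilla/AddTrust_External_Root.crt
mozilla/USERTrust_RSA_Certification_Authority.crt
AddTrustExternalRoot.crt
EOF
    echo "$sample"
}

target=${1:-$(make_sample)}
echo "AddTrust entries in $target:"
list_addtrust "$target" || echo "  (none)"
if remove_addtrust "$target"; then
    echo "Removed; backup saved as $target.bak"
else
    echo "AddTrust entries still present in $target" >&2
fi
```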