Summary of the Issue:

Sectigo’s legacy AddTrust Root and Intermediate Certificate, which was issued approximately 20 years ago, expired on May 30, 2020. Modern clients should be largely unaffected. However, older clients that relied on it may not be working as expected such as those with older versions of Java or applications running on older operating systems.


Devices that received security updates after mid-2015 should have the modern root certificate in their operating system or browser truststores and should be mostly unaffected. 

Resolution for Mac users:

1) Download then open (that is, click on the downloaded file -- this should open an app called Keychain Access) the following two files, which contain updated certificates:

[Download ] USERTrust RSA Root xSigned using AAA CA [ Cross Signed ]

[Download] SHA-2 Root : USERTrust RSA Certification Authority 

If you are prompted to approve adding these certificates, please click "Add"

2) Open the "Keychain Access" app (you can click the magnifying glass in the top-right corner of your screen then type "Keychain" -- this will display Keychain Access which you can click on to run.

3) In the left-had column, near the bottom, click on "Certificates". Then in the right-hand column, look for "USERTrust RSA Certificate Authority" -- it may have a red x through it.  If so Double-click on this certificate and proceed with the below instructions.

If there is not a red X, please try accessing the site in question again. If your issue resolved, you need not take any further action.

If your issue persists, continue with the instructions below.

4) Click on the word "Trust" (underlined below) to expand this section:

5) Click on the dropdown next to "when using this certificate" and select "Always Trust" then click the red x in the top-left corner of this window to close the certificate information. You will then be prompted to enter the password for your Mac. Please enter that password then hit return.

Try accessing the site that was previously giving you certificate errors -- it should now allow you to visit the site.