At March 1st, May 15th and June 2nd, Sectigo transitioned to new root certificates that are not included in the current stable ca-certificates package. This means that any new Sectigo certificate will not be trusted by Debian bookworm, which is starting to result in errors and will continue to
get worse as expiring certificates are replaced with new ones.
See also
https://www.sectigo.com/faqs/detail/Sectigo-Public-Intermediates-and-Roots/kA0Uj0000003eov
Although this can be mitigated by either manually installing the new root certificates on each machine, or by adding the testing/trixy repository to
get 20250419, or downloading the .deb and manually install it; it would be highly preferred if a more recent version is included in bookworm.
Tom
<div dir="ltr"><div>At March 1st, May 15th and June 2nd, Sectigo transitioned to new root certificates that are not included in the current stable ca-certificates package. This means that any new Sectigo certificate will not be trusted by Debian
bookworm, which is starting to result in errors and will continue to get worse as expiring certificates are replaced with new ones.<div></div></div><div><br></div><div>See also <a href="
https://www.sectigo.com/faqs/detail/Sectigo-Public-Intermediates-and-
Roots/kA0Uj0000003eov">
https://www.sectigo.com/faqs/detail/Sectigo-Public-Intermediates-and-Roots/kA0Uj0000003eov</a> <br></div><div><br></div><div>Although this can be mitigated by either manually installing the new root certificates on each machine,
or by adding the testing/trixy repository to get 20250419, or downloading the .deb and manually install it; it would be highly preferred if a more recent version is included in bookworm.</div><div><br></div><div>Tom</div></div>
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)