Entrust [ entrustsslca ] Certificate Expiring Alert

View some of the Frequently Asked Questions to our support staff. Included are some tips and tricks making this forum ideal for users getting started with GoAnywhere MFT. Note: Users can reply to existing topics but only our support staff can add new topics to this forum.
1 post Page 1 of 1


User avatar
Site Admin
Posts: 47
Joined: Wed Jun 21, 2017 8:12 am

Post by Support_Philip » Fri Apr 26, 2019 11:29 am
If you receive the following certificate expiration warning, it means the Entrust 1024-bit RSA Root Certificate is expiring. As with any Root certificate, it will only affect GoAnywhere MFT transfers if it is actually being used. This is very unlikely.
cert expiring.png
cert expiring.png (12.78 KiB) Viewed 4932 times
When you install GoAnywhere, you get the latest Root certificates available from Java. We provide this service so our customers don’t have to find and install each Root cert. These certs – which have expiration dates -- work with your (or your trading partner’s) signed certificates to build a trust chain for SSL/TLS connections.

When a certificate expires or is upgraded (and is still supported), you can easily find on the Internet, download and import the new cert into GA (see user guide for importing).

However, this Root CA certificate (Alias: entrustsslca shown below) has not been supported for over five years, according to the CA’s website, and it is only used for “private trust for one carrier”, so you should be able to delete it. When upgrading, older CA certs are not removed, just in case they are still in use.

As of January 1, 2014, Entrust discontinued use of the root “CN = Entrust.net Secure Server Certification Authority” for issuance of public trust SSL/TLS certificates. Entrust supported the removal of the root from many browser’s and operating system’s root embedding programs.

For more information:
https://www.entrust.com/get-support/ssl ... -rsa-root/

To make certain it is the same cert, you can use the link above to the the SHA1 fingerprint and compare it (click View from the KMS or key store as shown below).

If you want to be extremely cautious, export it first and compare to the key shown at the link above. Then you could import it if needed (hypothetic).
Note: If you using File Based keys you will need to delete it from this store as well.
Philip Horn
Senior Support Analyst
e. [email protected]
p. 1-800-949-4696
w. GoAnywhere.com | HelpSystems.com
1 post Page 1 of 1