07 Dec Houston, my CERT has expired!
How to solve the login error CERT_HAS_EXPIRED on Mnemonica Gate when using proxy servers.
What is a certificate for a web domain?
Every HTTPS web domain has a digital certificate (SSL – Secure Socket Layer) that authenticates its ownership and provides encrypted traffic with the clients. Third parties, called Certificate Authorities, like Let’s Encrypt, Verisign, etc., issue these certificates to verify who the actual domain’s owner is. This is done for security reasons, i.e. to avoid that someone claiming to be the owner can steal, for example, users’ credentials.
How your devices do trust the Certifying Authorities?
Operating systems such as Windows and macOS (but also Linux, Android, iOS, etc.), for each Certificate Authority, have, within their encrypted keychain, a certificate called root certificate. This certificate authorizes the device we are using to trust all the domains signed by that issuer. Suppose the root certificate and the domain certificate are both valid. In that case, the operating system authorizes the browser to access the domain (be it a website or an application, as in the case of Mnemonica Gate).
Certificates by their nature expire, all of them.
When the site’s certificate expires, the owner has to renew it. Otherwise, the site itself will be totally or partially unreachable. But when a root certificate expires, the operating system is required not to believe it anymore. Therefore, all the sites signed by that Certificate Authority will not be reachable anymore (Certificate has expired) or will be seen as potential threats.
Root certificates have a lifetime of several years, 5, 10, even 15. The operating system automatically renews them during its periodic updates. If an operating system, for some reason, is no longer updated by the software vendor or by the final user, the only way to update expired root certificates is by doing it manually. That’s why it’s always a good option, regardless of Mnemonica, to keep your devices always updated.
What to do.
If a user, by logging into the Gate using one of our proxy servers, receives the CERT_HAS_EXPIRED error message, it means that the root certificate that guarantees Mnemonica’s identity, installed on the device in use, has expired.
To renew it, you must download the new certificate from this link and, with administrator credentials, install it inside the keychain by simply double-clicking on the downloaded file.
1. When I read the message CERT_HAS_EXPIRED, is it a problem with Mnemonica?
No, Mnemonica could not operate with expired certificates. The problem is with the user’s operating system, which is probably not up-to-date.
2. To remedy the error message, do I have to reinstall the Gate or redo the pairing?
No, the problem lies in the device’s operating system you are using.
3. Can I manually install an updated root certificate?
Yes, as long as you have it and have administrator permissions on the device you are using.
4. Can I continue working with Mnemonica even if my root certificate has expired?
Yes, but if you are using our proxy servers, you will not be able to use Mnemonica Gate.