Will expired certificates kick unpatched older devices out of business at the end of 2020?

Owners of older devices that no longer receive updates will probably have to prepare themselves for the fact that these devices will become inoperable at the turn of the year 2020/2021, at least as far as access to secure internet connections is concerned. The cause is expiring root certificates.


Some background information

Root certificates are used in cryptography and in the field of computer security. Each root certificate carries a public key that identifies a root certificate authority. Root certificates are self-signed and form the basis of an X.509-based public key infrastructure; all further certificates are derived from these root certificates.

Root certificates also have a validity period and an expiration date. After this expiration date, the root certificates and all certificates derived from them become invalid. This is usually not a problem: device manufacturers roll out an update that replaces the expired root certificate. If this is forgotten or is not possible, the devices can no longer establish secure Internet connections, install software, etc., because the protection provided by the root certificate has been broken.

In summer 2020 I pointed out in my blog post "Expired certificates kick IoT devices out of business" that smart devices like smart TVs, refrigerators or other IoT devices (smart speakers, thermostats etc.) will soon be out of business. When the AddTrust External CA [Certificate Authority] root expired in May 2020, various devices suddenly stopped working. Even owners of older smartphones and tablet PCs no longer receive updates and thus no more updated certificates. But there is more to come.

Root certificates expire at the end of 2020

Blog reader Karl just asked on Twitter what happens to unpatched or unconnected devices when their root certificates expire. The figure in the following tweet shows the expiration dates of various certificates.

Root certificates expire at the turn of the year 2020/2021


In Windows every user can easily check which certificates are installed and when they expire. Simply select Internet Options in the Control Panel, then click on the Content tab and the Certificates button. Then the certificate store will appear and you can check the expiration dates. For example, the Microsoft Root Authority certificate expires on 31.12.2020 and then becomes invalid. Various Thawte certificates also become invalid on 1 January 2021.
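The same check can be scripted instead of clicking through the certificate dialog. The following PowerShell is an added example, not part of the original post; the function name `Get-ExpiringRootCertificate` and the default cutoff date are assumptions chosen for illustration.

```powershell
# Added example: list trusted root certificates that are already expired
# or that expire on or before a cutoff date.
# Function name and default cutoff are assumptions made for this example.
function Get-ExpiringRootCertificate {
    [CmdletBinding()]
    param(
        # Report every certificate whose NotAfter is on or before this date.
        [datetime]$Cutoff = '2021-01-31',
        # Root stores to inspect: machine-wide and per-user view.
        [string[]]$StorePath = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )

    $now  = Get-Date
    $seen = @{}   # thumbprints already reported (the user view repeats machine roots)

    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) {
            Write-Warning "Certificate store not found: $path"
            continue
        }
        foreach ($cert in Get-ChildItem -Path $path) {
            if ($cert.NotAfter -gt $Cutoff)         { continue }  # still valid past the cutoff
            if ($seen.ContainsKey($cert.Thumbprint)) { continue }  # duplicate entry
            $seen[$cert.Thumbprint] = $true

            [pscustomobject]@{
                Store      = $path
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                DaysLeft   = [math]::Floor(($cert.NotAfter - $now).TotalDays)
                Expired    = $cert.NotAfter -lt $now
                # A root certificate is self-signed: subject and issuer match.
                SelfSigned = $cert.Subject -eq $cert.Issuer
            }
        }
    }
}

# Oldest expiry first, so the certificates that lapse soonest are at the top.
Get-ExpiringRootCertificate |
    Sort-Object NotAfter |
    Format-Table Subject, NotAfter, DaysLeft, Expired, SelfSigned, Store -AutoSize
```

A negative `DaysLeft` marks a root that has already lapsed; comparing the output across machines shows which ones have stopped receiving root certificate updates.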
