comodo warns me about the certificate isrg

prodex · September 29, 2021, 2:13pm

comodo warns me about the certificate isrg root x1:

Your SSL session can be read by unauthorized third parties. Do you want to browse with TOR? The issuer of the certificates isrg Rollt X1 is not an addredited entity

How can I dseactivate this certificate. By simply deleting it from the browser?

I could solve it.

C.O.M.O.D.O_RT · September 30, 2021, 11:29am

Hi prodex,

Thank you for reporting, may i know your CIS & Win version ?
And what you did & what happened ?
Any related Screenshot ??

Thanks
C.O.M.O.D.O RT

prodex · September 30, 2021, 2:27pm

Yes, of course.

Windows 10, cis 12.2.2.8012

css opend
message as mentioned (first post above)
isrg Rollt X1 by Let’s encrypt searched in Dragon:
Privacy and security—> Manage certificates
Manage HTTPS/SSL certificates and settings—>Intermediate Certification Bodies (third menu) and there you can find the certificicate
4.certificate downloaded (export) xxxx.cer
on my PC in VTRoot\harddiskvolume2\dragonportable\dragon

This certificate I blocked in firewall, HIPS and in containment. No more message.

I am not familiar with the advanced functions. attachment 1b

I can only import or export a certificate but not remove (can’t be selected - grayed out) attachment 1a

in comodo help:

Remove expired or revoked certificates
Select the certificate to be deleted and click ‘Remove’.

C.O.M.O.D.O_RT · October 1, 2021, 8:20am

Hi prodex,

Thank you for providing the information, let me check with team and update you.

Thanks
C.O.M.O.D.O RT

prodex · October 1, 2021, 12:05pm

Now I think how to stop the certificate:

export it, then import it again and choose as storage location in comodo: non trusted, but I can still find it in trusted issuer (attachm. 4)

What has more priority?

panic · October 1, 2021, 9:38pm

Hi Prodex,

One of my clients reported a similar certificate error (ISRG Root X1) and they received the following note from their ISP;

[i]Upstream SSL update causing email issues on older programs

New incident: Investigating

On September 30 2021, Let’s Encrypt updated their ROOT certificate.

The ROOT certificate is responsible for issuing SSL Certificates by Let’s Encrypt.

This change has caused the older ROOT certificate (DST Root CA X3) to no longer be accepted, this has been replaced with ISRG Root X1.

Some Email programs may still be referencing the older Root Certificate being (DST Root CA X3) and causing the mail clients NOT to validate the SSL SMTP and IMAP connections. This may be an issue with older devices that are not compatible with the new ROOT certificate.

For the full press release from Let’s Encrypt please see the link below.

[/i]_________________________________________________________________________________________________________

Cheers,
Ewen

prodex · October 2, 2021, 4:05am

Thank you, Ewen,

so there is no danger, that

Your (my) SSL session can be read by unauthorized third parties

.

prodex · October 2, 2021, 4:09am

I would still like to know what effect this has:

if you isrg double click in “untrusted” a window opens with this message:

This certificate has been revoked by its certificate authority.

Validity of the certificate until 2035

C.O.M.O.D.O_RT · October 4, 2021, 8:19am

Hi prodex,

We have reported to the related team and we will update you.

Thanks
C.O.M.O.D.O RT