Linux Patch Notes
| Patch Information | |
|---|---|
| Release | v7.4.0.154 |
| Date | 2025-06-27 |
| Document version | 1 |
Resolved Issues
-
AGT-66251 [CS2146989]: Hosts displays an error in CipherTrust Manager, that host certificate expires soon, but after renewing, error still displays
When a CTE 7.4 client registers with CipherTrust Manager (CM), CM provides it with certificates for the CA that signed the web server certificate. CTE uses these certificates to authenticate the web server to ensure a secure connection can be established.
The issue was that when an intermediate CA had previously been used, the CM would provide both the intermediate, and the root CA certificates, for use for authentication by CTE. However, CTE was only storing the intermediate certificate in the local trust store, and not the root certificates. This allowed authentication to work correctly only until the intermediate certificate expired or was replaced.
The solution was to store all of the CA certificates, sent from the CM, in the trust store. Then, when the intermediate certificate is replaced, the root CA certificate can still be used to authenticate the connection. This works only if the root CA is unchanged.
Since CTE has a record of the certificates provided by the CM during registration, the trust store is automatically corrected to contain all CA certificates at the time this fix is installed.
Note
CTE v7.5.0 and subsequent versions do not use the same format trust store, so those versions do not have this problem.
