ShopSite Knowledgebase

Some browsers' root certificates for Verisign, AT&T, and GTE CA's expired on Dec 31, 1999

Some customers using older browsers may receive a warning message
after Jan 1, 2000 stating that the "Certificate Authority is Expired" when
accessing a secure server using a certificate issued by Verisign, GTE,
or AT&T.

The browsers that will experience this problem are Netscape v4.06 and
older; also Microsoft Internet Explorer 4.01 and 4.5 for Macintosh have
a similar problem. There is some discrepancy over the actual percentage of
users that will see this problem, as there are no concrete numbers for the
actual market share of these versions of browsers.

Solution ID: S03691

There is nothing that can be done for this problem on the server side exceptto buy a new secure certificate from a certificate authority whose root certificate
does not expire yet (such as Thawte). Otherwise, the customers accessing the secure
server must either upgrade their web browsers to a compliant version or
install the latest root certificate from the Certificate Authority's web site.

It is recommended that store owners create an informational page on their
web site detailing this problem for their customers. This page should let your
customers know what to do to fix the warning message, and provide links
to the browser's web site to upgrade their browser and/or the CA's web site
to download the latest root certificate. It's also important to note that
if the customer clicks to continue through the warning message, a normal
SSL connection will be made and all information will be encypted as it
normally would.

Additional Information:

1. Entrust is a Certificate Authority whose root certificate does not expire at
the end of this year. They are estimating that 25% of users will be affected, but
no verifiable references are made to how this number was reached. More info
can be found at:

2. Verisign estimates that only about 2% of internet users will be affected by this
problem using information from More information on what
Verisign is saying about the problem can be found at:

3. GTE provides a browser compatibility table to document which browsers will
be affected, as well as an FAQ for the root rollover issue:

Related Articles

No related articles were found.


No attachments were found.

Visitor Comments

Article Details

Last Updated
13th of November, 2008

Would you like to...

Print this page  Print this page

Email this page  Email this page

Post a comment  Post a comment

 Subscribe me

Subscribe me  Add to favorites

Remove Highlighting Remove Highlighting

Edit this Article

Quick Edit

Export to PDF

User Opinions

How would you rate this answer?

Thank you for rating this answer.