Some of our users have received reports about their AddTrust External CA Root or USERTrust RSA Certification Authority certificate. The problem occurs because the remote server sends a root certificate in the chain that will expire in less than 14 days. Here are the steps to verify this and a few tips on how to resolve it.

As part of our service, we perform SSL certificate monitoring. We do this slightly different than other providers, which is why were able to detect a problem with the SSL certificates of a large, commercial, CDN provider. In this post, we'll do a technical deep-dive into how we found this problem!