Hello. I have read more topics, but still it is not clear for me
Imagine, my CA bundle contains from long chain:
ISRG Root X1 (Not After: Jun 4 2035 GMT) - Root cert
ISRG Root X2 (Not After: Sep 17 2040 GMT) - Root cert
DST Root CA X3 (isrg-root-x1-cross-signed) (Not After : Sep 30 2024 GMT) - Intermediate cert
Let's say DST Root CA X3, which is here to extend compatibility with older Android devices will expire in Sep 2024. Will my trust to Server host will be broken, in case of one cert from CA bundle is expired or it will be all good and only old Android devices might have a problem ?
Is there any change required in my CA bundle after expiration of DST Root CA X3 in Sep 2024 or not ?
That's technically a "cross-signed root certificate" (a variant of ISRG Root X1), not an intermediate cert.
It's not entirely clear what you refer here by "ca-bundle". I'm going to assume that you mean a system's trust store containing root certificates. In that case, your bundle should never have included the cross-signed DST Root CA X3 to start with.
DST Root CA X3 already expired on Sep 30 14:01:15 2021 GMT, more than 2 years ago. What's going to expire in 2024 is the cross-sign of ISRG Root X1 to the (already expired) DST Root CA X3.
The cross-sign is only intended for Android devices. The reason is that only Android is capable of building trust paths to an expired root certificate (DST Root CA X3). Other TLS implementations won't do that and hence stopped using DST Root CA X3 years ago.
Assuming you have a standard trust store with at least ISRG Root X1 (ideally also ISRG Root X2 for the future), no changes required. You should never include anything that says DST Root CA X3, that's already expired and serves no use.
Thank you very much for your feedback
Yes, with CA bundle, I mean system's trust store inside the app containing root certificates, which app trusts.
My current config contains:
ISRG Root X1 (Not After: Jun 4 2035 GMT) - Root cert
ISRG Root X2 (Not After: Sep 17 2040 GMT) - Root cert
DST Root CA X3 (isrg-root-x1-cross-signed) (Not After : Sep 30 2024 GMT)
I'm confused now, because everywhere, I read that long chain is recommended for most websites/services. But I did not find any information about what certificates are recommended to be part of the trust store.
Here Correct ca bundle to use - #14 by rg305 for example, I read some conflicting opinions. However based on your feedback, if I understand it correctly, every trust store should contain only ISRG Root X1 and ISRG Root X2 and nothing else
So, if my trust store will contain only these 2 root certificates:
ISRG Root X1 (Not After: Jun 4 2035 GMT) - Root cert
ISRG Root X2 (Not After: Sep 17 2040 GMT) - Root cert
Will be support for old Android devices still ensured ?
Those are two separate things. The "chain" is a set of certificates (leaf and intermediate certificates) that are being served by a TLS server (webserver or similar). The (recommended) chain is provided by the Certificate Authority (Let's Encrypt). Indeed, Let's Encrypt lets you choose between two chains currently. Just using whatever default is provided is fine for the majority of server operators.
The trust store is provided by the operating system for most users. Windows, macOS, iOS, Android and others already have pre-installed lists of trusted (root) certificates which are automatically managed by the OS vendor. Browsers also ship their own trust store these days. It is therefore rarely necessary to manage a trust store yourself, even if you develop some application.
If you are developing some application that somehow requires you to manage a trust store yourself (this isn't common, but it happens - perhaps you could describe your app in more detail?), you should store only root certificates in it. There are many too choose from, but if all you care about is Let's Encrypt that trust store should contain ISRG Root X1 and ISRG Root X2.
Your trust store should have nothing to do with Android. The Android compatibility is fading, no matter what you do with any ca-bundle or trust store. It doesn't affect Android in any way.
Hi. Thank you for additional explanation. Basically, I have mobile app that connects to Server Backend Host. My Backend Host has TLS certificate issued by let's encrypt certificate chain. It's so called server-pinning mechanism between App and Backend Service
Certificate for my backend host is automatically rotated and new one is issued by R3 intermediate every few months. To ensure, that mobile app trusts our Server, we have trust store configured inside mobile app config and this trust store contains following certificates:
ISRG Root X1 (Not After: Jun 4 2035 GMT) - Root cert
ISRG Root X2 (Not After: Sep 17 2040 GMT) - Root cert
DST Root CA X3 (isrg-root-x1-cross-signed) (Not After : Sep 30 2024 GMT)
It would not make sense to configure also R3 intermediate certificate as this expire soon (2025). Therefore we have configured only Root certificates inside trust store. And I have noticed, there is one making me nervous, which is DST Root CA X3 cross-signed root certificate, which will expire in 2024
So, if it can be confirmed for sure, that ISRG Root X1 and ISRG Root X2 are only needed let's encrypt root certificates inside trust store of my mobile app config and having also DST Root CA X3 as part of trust store is not providing any bonus, just risk, that after Sep 2024, my trust store will be broken, then this topic will be clarified and clear for me
Your trust store should include only root certificates, and never intermediate certificates.
Having ISRG Root X1 and ISRG Root X2 in it is fine, and will trust all certificates issued by Let's Encrypt. DST Root CA X3 definitely shouldn't be in it.
But you probably also want some other backup CAs in there, possibly one you make yourself, just in case Let's Encrypt has some problem (a root key compromise, running out of funding, whatever) that stops them from issuing certificates.
Making a good trust store is complicated, and the reason you're not finding much guidance is that most people shouldn't be doing it and just using their platform's built-in trust store instead. It depends a lot on what exactly your goals are and the reason that you're trying to build your own trust store in the first place.
Ah yeah, certificate pinning is one of the use-cases that requires you to define what's effectively a local trust store, valid only for your application. You're absolutely right to not pin an intermediate: Not only does R3 expire, Let's Encrypt will also start issuing from randomized new intermediates soon. If you have to pin something, pinning the root is your best bet. You will need at least ISRG Root X1 for that. If you ever intend to issue an ECDSA certificate, ISRG Root X2 is recommended as well. And, as @petercooperjr already said, having some sort of backup certificate for emergencies is recommended, unless you can easily roll out software updates in an emergency already.
Thanks @petercooperjr and @Nummer378
Regarding possibility to have also backup CA, I can't answer as I'm not architect of this solution.
I will inform responsible people to remove DST Root CA X3 from trust store inside our mobile app config.
