Let_s_Encrypt_Authority_X3.der expiring

I am receiving the below notification from Cisco Unity Connection that the Let_s_Encrypt_Authority_X3.der immediate certificate is about to expire. I read a passage stating that X3 immediate certificate is no longer in use. Should I be replacing this certificate with a different type of certificate? If I let the below certificate expire, will it cause any issues with my company's voice network?

Certificate expiration Notification:
Certificate name: Let_s_Encrypt_Authority_X3.der
Unit: tomcat-trust
Type: own-cert
Expiration: Wed Mar 17 12:40:46:000 EDT 2021 / Wed Mar 17 16:40:46:000 GMT 2021

Hi @Patrickr35

please explain why you use the X3 certificate.

If you create a new Letsencrypt certificate, the new R3 intermediate is included, not the old X3.

Result: If you renew your certificates, you don't use the old X3.

So that notification isn't relevant.

My predecessor installed this certificate a while back from Microsoft 365 Intermediate Certificate Bundle (P7B) which contains this specific certificate. If the X3 is no longer used then I will move forward with obtaining the R3 immediate certificate. All of this is new to me.

Well, we're somewhat confused why you have the X3 certificate "installed" anywhere at all. It may be that you don't need it at all, or it may be that when you next renew whatever certificate that's using it, since that one would be signed by R3 that you'd need to put R3 in that same place (though a well-done automated renewal system should take care of that for you). On the other hand, if this is for a trust store of some sort, you might just need ISRG Root X1. So we need more details on your setup in order to tell you what steps you might need to take. A CA changing an intermediate should be a non-event that nobody notices in most (though not all) configurations.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.