Some certificates issued by SSL.com chain to Sectigo’s USERTrust RSA CA root certificate via an intermediate that is cross-signed by an older root, AddTrust External CA. The AddTrust root is set to expire on May 30, 2020, and some of our customers have been wondering if they or their users will be affected by the change.
The short answer is the overwhelming majority of people will not experience any problems when the AddTrust root expires in May. The AddTrust cross-signing was originally done to account for older devices that did not include the USERTrust root. If the USERTrust root is present (as it is in 100% of modern browsers, operating systems, and mobile devices), the software will simply choose a trust path that leads to USERTrust and ignores AddTrust. Due to the USERTrust root’s ubiquity, only a vanishingly small number of legacy devices can be expected to experience trust issues when AddTrust expires.