Connectivity issues due to expired AddTrust root CA


We've now resolved the incident. Thanks for your patience.


We are rolling out a new certificate across our servers to help mitigate the connectivity problems caused as a result of the 3rd party root CA expiring. Please use the Knowledge Base article in the previous update if you are currently experiencing a problem.


The 3rd party AddTrust root certificate expired on 30th May 2020 and any USS Gateway device that hasn't been updated will fail to verify the domain due to the TLS certificate referencing AddTrust in its chain. Although this should not have impacted any modern OS, some Ubuntu 16.04 certificate stores have not been updated and this can lead to TLS/SSL verification errors which cause a connectivity issue to the Web Security service.

If you are experiencing a connectivity issue, please follow the steps in the following Knowledge Base article:

We apologise for any inconvenience this may have caused.

Began at:

Affected components
  • Web Security / CASB Inline
    • Global
    • Europe
    • North America
    • United Kingdom
    • UAE