Information Center

In the Information Center you will find everything you need to know about SobiPro and its applications!
It is also the place to download SobiPro, its applications and language packages.

Applications

Enhance your directories!
Get additional functionality for SobiPro with our applications.

Get Applications

Templates

Design your directories!
Check out the different SobiPro templates we have created for you.

Get SobiPro Templates

Languages

Let your directories speak your language!
SobiPro is translated into more than 30 languages.

Get your Language package

SobiPro Announcement
SobiPro 2.5 is available!

As an active customer download the full version of SobiPro from the description page or download the trial version of SobiPro free of charge.

SobiPro 2.5 is Joomla 5 compatible.
We are in the process to test our applications if they work with Joomla 5. Tested applications will be available in repository. You can download untested versions that may work on Joomla 5 on our site.

The day the AddTrust External CA Root Certificate expired

On 30 May 2020, the AddTrust External CA Root Certificate expired. Expiration of a certificate is nothing unusual. Certificates expire all the time, and certification authorities expire once in many years (20+ years). But on 30 May 2020, the expiring certification authority creates an issue, which makes our SobiPro repository unavailable for some of our customers.

Unfortunately it took some time until we completely understood what happened to our repository and how to fix it.

Certificate Authorities control multiple root certificates, and the older root certificates are generally more widely distributed on older servers. Certificate Authorities generate cross-certificates to ensure that their certificates are supported as widely as possible. A cross-certificate uses the same public key as the root being signed, and the same subject.

Our repository uses a certificate issued by the COMODO RSA Certification Authority. Sectigo (formerly Comodo) operates a root certificate named AddTrust External CA Root, used to establish cross-certificates to modern Sectigo root certificates, the COMODO RSA Certification Authority and USERTrust RSA Certification Authority. Until 2038, those root certifications do not expire.
The AddTrust External CA Root, however, expired on May 30th 2020.

What happens?

The SobiPro repository shows expired certificate.

SSL validation error: The SSL certificate for the SobiPro repository has expired.

Checking the certificate shows that it is good until 29 September 2020, but SobiPro is not able to validate it positively.

And it is not possible to add the repository again. If fact, SobiPro does not even try to connect to the repository because the validation of the repository certificate fails. This is the correct behaviour if the certificate is indeed expired.

This problem does not happen for all users, so it also does not happen for us or our support staff. But we have an old local testing server and here the problem happens too.

As connecting to the repository with a browser does also not show any problems, we concentrated on the way SobiPro connects to the repository. SobiPro uses CURL via SSL, which needs an OpenSSL (or similar) library installed on the server SobiPro is running.

After 30 May 2020, modern SSL libraries and browsers will chain back to the modern root certificates that the older AddTrust was used to cross sign. No problems will occur on updated, newer servers which has had updates made.

The library being in charge for the problem is OpenSSL. There is a bug in OpenSSL versions below 1.1.1, where OpenSSL refuses to connect if the root certificate is expired. OpenSSL 1.1.1 skips the expired root certificate and correctly continues looking for additional root certificates that can prove that our repository certificate is valid.

What if the problem happens for you?

In the meantime we replaced the old intermediate certificates for our repository server with newer ones, so the problem should not longer happen for you!

Why the problem happened for you and not for other users?

The problem happened for all servers with an older version of OpenSSL. Specifically an OpenSSL version below 1.1.1. Check the 'OpenSSL Library Version' in the 'PHP Information' screen of your Joomla back-end. As described above, these older libraries refuse to connect if the root certificate is expired, instead of skipping it and correctly continue looking for additional root certificates.

Technical information on the root certificate expiration issue.

SigridSuski

Sigrid lives in a small village near Frankfurt on the Main in Germany.
She studied electrical engineering before starting to work as a software developer for industrial products with Microsoft C++/MFC.
Since 2009, Sigrid works full time for the Sobi projects.
Her programming experiences started with Pascal and C programming languages, followed by C++, which is a good foundation for developing software for Joomla, especially since the object-oriented development techniques she is familiar with have found their way into PHP.

Besides her development work for the Sobi project, she is mainly responsible for design solutions, quality management, as well as for all business affairs and public relations. Sigrid is also responsible for the translations and documentation for SobiPro and for the corporate and demo websites of Sigsiu.NET.

Sigrid is member of the German J and Beyond e.V.. She is involved in Joomla! for many years. Her former positions include the assistant team leader of the Joomla Events Team and team leader of the Joomla Social Media team.

Sigrid enjoys cuisine, beekeeping and the outdoors in her leisure time, including spending time working in the garden. She also enjoys knitting and crocheting and taking professional product photos of the results.

Comments powered by Disqus
Powered by SobiPro
to Top