Skip to content
Search to learn about InterSystems products and solutions, career opportunities, and more.

Advisory: Expiring Certificate Authority Certificates

December 8, 2020 – Advisory: Expiring Certificate Authority Certificates

InterSystems has identified an issue with product distributions containing Certificate Authority certificates that expire at the end of 2020. This issue does not affect system operation or system security in any way, although it does generate alerts about expiring certificates in the cconsole.log or messages.log files. The messages may be ignored and there are instructions below to eliminate them.

The issue affects the following versions:

  • Caché and Ensemble 2017.1, 2017.2, and 2018.1
  • All released versions of InterSystems IRIS and InterSystems IRIS for Health
  • HealthShare products based on the above versions

The System Monitor generates these messages because <install-dir>/dev/CACerts/AllCA.cer is referenced in ISC.FeatureTracker.SSL.Config. The file AllCA.cer contains certificates that expire at the end of 2020. Its use has been deprecated starting with Caché and Ensemble 2018.1.4, and IRIS 2020.1.0+.

The recommended mitigation is to remove or rename <install-dir>/dev/CACerts/AllCA.cer. Note that this file may be re-created if you upgrade an instance, so you may need to perform this mitigation step after each upgrade to or installation of an affected version. The expiring certificates will no longer be included in distributions starting with Caché and Ensemble 2018.1.5, IRIS 2019.1.2, and IRIS 2020.1.1.

Deleting this file does not affect any default InterSystems product functionality or the security of any provided software utilities. If your Caché or Ensemble application uses AllCA.cer or the ThawteCA.cer file (in the same directory), please contact the Worldwide Response Center (WRC) for assistance.

If you have any questions regarding this alert, please contact the Worldwide Response Center.

Example cconsole.log/messages.log entries (note that there may be variations depending on version):

12/02/20-11:00:25:869 (9968) 2 [Utility.Event] 6 SSL/TLS Certificate(s) expiring within 30 days. See messages.log for details.

12/02/20-11:00:25:871 (9968) 1 [Utility.Event] Certificate 0 Issuer CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA (Subject CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA)  expires in 29 days (2020-12-31).

12/02/20-11:00:25:873 (9968) 0 [Utility.Event] Certificate 0 Issuer CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA in file C:\InterSystems\20201IRIS\dev\CAcerts\AllCA.cer used by configuration(s) SSL/TLS - "ISC.FeatureTracker.SSL.Config"

12/02/20-11:00:25:875 (9968) 1 [Utility.Event] Certificate 0 Issuer emailAddress=personal-basic@thawte.com,CN=Thawte Personal Basic CA,OU=Certification Services Division,O=Thawte Consulting,L=Cape Town,ST=Western Cape,C=ZA (Subject emailAddress=personal-basic@thawte.com,CN=Thawte Personal Basic CA,OU=Certification Services Division,O=Thawte Consulting,L=Cape Town,ST=Western Cape,C=ZA)  expires in 29 days (2020-12-31).

12/02/20-11:00:25:932 (9968) 0 [Utility.Event] Certificate 1 Issuer emailAddress=premium-server@thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA in file C:\InterSystems\20201IRIS\dev\CAcerts\AllCA.cer used by configuration(s) SSL/TLS - "ISC.FeatureTracker.SSL.Config"

12/02/20-11:00:25:947 (9968) 0 [Utility.Event] Certificate 1 Issuer emailAddress=server-certs@thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA in file C:\InterSystems\20201IRIS\dev\CAcerts\AllCA.cer used by configuration(s) SSL/TLS - "ISC.FeatureTracker.SSL.Config"

These messages are generated at 11am each day, and after each restart.

Latest Alerts & Advisories

Aug 15, 2024
InterSystems has corrected a defect that can cause database corruption or errors with multi-volume databases under extremely rare circumstances. Only databases that have been truncated are at risk.
Jul 24, 2024
There are four alerts in the HS2024-03 Alert Communication. A summary of each alert is shown below. Details for each alert are contained in the linked document.
Jun 24, 2024
Broadcom recently announced a problem that can cause data consistency errors in database applications. The Broadcom article is available here:
May 30, 2024
Beginning with the release of InterSystems IRIS® data platform 2022.3, InterSystems corrected the license enforcement mechanism to include REST and SOAP requests. Due to this change, environments with non-core-based licenses that use REST or SOAP may experience greater license utilization after upgrading. To determine if this advisory applies to your InterSystems license, follow the instructions in the FAQ linked below.
May 01, 2024
InterSystems has corrected an issue that can cause a small number of SQL queries to return incorrect results. See below for the specifics on impacted queries.
Apr 08, 2024
InterSystems has encountered a defect that causes some upgrades of HealthShare® Health Connect to fail. This only affects instances that are not licensed for the use of FHIR® and that have interoperability-enabled namespaces. Under these conditions, the upgrade fails with an error.
Mar 19, 2024
In evaluating an IBM Support notification, InterSystems has determined a potential impact for our customers. The notification in question is:
Feb 27, 2024
There is 1 alert in the HealthShare HS2024-limited Alert communication. An alert summary for the issue is shown is in the table below. Details for the alert are contained in the attached document: HS2024 Limited Communication.
Feb 01, 2024
There are 2 alerts in the HealthShare HS2024-02 Alert communication. An alert summary for each issue is shown is in the table below. Details for each alert are contained in the attached document: HS2024-02-Communication.