[Mojah]

This issue is largely cause by people still stuffing old root certificates in their certificate chains, and serving that to their users.

As a general rule of thumb:

1) You don't need to add root certificates to your certificate chain

2) You especially don't need to add expired root certificates to the chain

For additional context and the ability to check using `openssl` what certificates you should modify in your chain, I found this post useful: https://ohdear.app/blog/resolving-the-addtrust-external-ca-r...

[toast0]

You shouldn't need to send the root certificate (unless the clients are _really_ dumb, but I worked with a lot of dumb clients, and did not see any issues with only sending intermediates and the entity cert), but a fair number of cert chain verifiers are fairly dumb and won't stop when they get to a root they know which makes things tricky.

If some of your clients don't have the UserTrust CA, but do have the AddTrust CA, up until today, you probably wanted to include the UserTrust CA cert signed by AddTrust. Clients with the UserTrust CA should see that the intermediate cert is signed by UserTrust and not even read that cross signed cert, but many do see the cross signed cert and then make the trust decision based on the AddTrust CA.

It's hard to identify clients in the TLS handshake to give them a cert chain tailored to their individual needs; there's some extensions for CA certs supported, but they're largely unused.

[viraptor]

It depends what clients you need to support. ssllabs test for the server will tell you which ones you're compatible with. You may get some surprises with old Androids and XP. (whether you're interested in being available to them is another question)

[encoderer]

Any guess at what percentage is this versus the case where these certs are cross-signed with a newer root but older clients with outdated bundles do not trust the newer root?

(At Cronitor, we saw about a 10% drop in traffic, presumably from those with outdated bundles)

[Mojah]

Hard to say, as we don't have any insights into the client-side. But we can say that only ~2% of our clients had expiring root certificates in their chain in the last few weeks, so it's definitely a minority.

Since you don't control the clients in anyway, it might be that there are clients that haven't updated their local certificate stores in ages and don't yet trust the new root certificates.