In this document, we are going to demonstrate how to fix the "Connection Not Secure"  error caused by the Let's Encrypt root certificate "Identrust-DST-Root-CA-x3" expiry.

The Let's Encrypt root certificate Identrust-DST-Root-CA-x3 is not valid after 30th September 2021. Users who use older versions of the operating system and browser will be facing a connection insecure error while accessing the Freshworks portal.

The easiest way to find out if one is affected or not is to visit this link -

https://valid-isrgrootx1.letsencrypt.org/

If the page loads fine then the OS/browser supports the root certificate and nothing else needs to be done.


The following table lists the affected OS and browser combinations, along with possible solutions. 

Operating System

Browser

Affected / FW Supported

Possible Solution

Windows >= 7

Mozilla Firefox < 50

Affected

Upgrade to Mozilla Firefox > 50

Windows >= 7*


*assuming Automatic Root Certificate Update isn’t manually disabled


Any Other Browser

Not Affected

NA

Windows < 7

Any Browser

Not Supported

1. Use Mozilla Firefox > 50

OR

2. Upgrade to Windows >=  7

macOS > 10.9

Mozilla Firefox < 50

Affected

Upgrade to Mozilla Firefox > 50

macOS > 10.9

Any other Browser

Affected

1. Use Mozilla Firefox > 50

OR

2. Manually add ISRG X1  Root Certificate: Link

OR 

3. Upgrade to macOS > 10.12.1

macOS < 10.9

Any Browser

Not Supported

1. Use Mozilla Firefox > 50

OR

2. Manually add ISRG X1  Root Certificate: Link

OR 

3. Upgrade to macOS > 10.12.1

macOS > 10.12.1

Mozilla Firefox < 50

Affected

Upgrade to Mozilla Firefox > 50

macOS > 10.12.1

Any other Browser

Not Affected

NA

Android < 7

Any Browser

Not Supported

Android >= 2.3.6 will work.

If not, Upgrade to Android 7 or above

Android > 7.1.1

Any Browser

Not Affected

NA

IOS < 10

Any Browser

Not Supported

Upgrade to IOS > = 10

IOS > = 10

Any Browser

Not Affected

NA



FOR MAC OS 

Note: If your operating system is MACOS < 10.9 (Mavericks), we request you to upgrade to the latest OS. 

Scope

Affected OS Version 

Affected Browser Version

Affected OS

MacOS < 10.12.1

Firefox < 50. Firefox stores its own builtin cert store. So we recommend you to update your Firefox to the latest version.


Affected OS supported by Freshworks 

OS X 10.9    Mavericks    

OS X 10.10    Yosemite    

OS X 10.11    El Capitan


Other Browsers like chrome,safari,etc.. use their operating systems certificate store. So ensure the OS is upgraded to the latest version.

Procedure to Add ISRG X1 root certificate:


  • If you are facing a "Your connection is not private" error while accessing the portals, Here is what you have to do.

     


  • Visit the Let's encrypt home site and download the ACTIVE version of the ISRG Root X1 Certificate. (Pem format) 



  • After you download the certificate go to the keychain Access



  • Select File > Import Items. Navigate to the file downloaded. Select System as "Destination Keychain".




  • Enter password where-ever prompted.

  • Logoff to take effect.

  • On some Mac OS versions you need to do the following:

    • Right-click on the certificate in Keychain Access and select Get Info

    • Expand the Trust section

    • Under When using this certificate select Always Trust.

For Windows:


If your operating system is Windows XP < SP3 we request you to upgrade to the latest OS to access the portal using a secure connection.


Scope

Affected Version

Affected Browser Version

Affected OS

Windows XP < Sp3

Firefox < 50. Firefox has its own built-in cert store. It is recommended to update Firefox to the latest version.

Other Browsers like chrome, safari, etc.. use their operating systems certificate store. So ensure the OS is upgraded to the latest version.

Affected OS supported by Freshworks 

N/A


NoteIn order to use our portals securely, Freshworks recommends using Windows 7 or higher with Automatic Root Certificate Update enabled.