#2949

It was recently discovered that Cogneato websites’ HTTPS certificates were cross-signed by an expired AddTrust certificate, and were showing security warnings in old versions of Safari. This was an issue with Sectigo certificates, which are used by Namecheap, where Cogneato buys its certs. Luckily, Namecheap provides options to download or reissue the cert with a different cross-signer, AAA.

The AddTrust / AAA cross-signing was / is used to support older user agents that don’t have the UserTrust root that Sectigo uses for modern user agents. The AddTrust root certificate expired in May. Namecheap and Sectigo seem to downplay the importance of the issue, but there are still El Capitan and older computers in use. My main computer was running it until recently, and my work computer still is. I guess I hadn’t tested any of our HTTPS sites in Safari since May. I don’t know how many El Capitan users are out there, but at least one client’s client had an issue and brought it to our attention. They’d probably be safer using Firefox or Chrome, but that’s their choice. This AAA cross-signer will buy them more time: it looks like the cert expires in 2028.
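
A way to check a certificate bundle for this condition, as an added example rather than anything from the original post: the hypothetical `chain_expiry` function lists every certificate in a PEM bundle with its expiry date and flags any that is expired or expires within a given window. The two self-signed certificates produced by `make_sample_bundle` are constructed stand-ins (not Sectigo or AddTrust material), and only their dates are inspected, not their signatures.

```shell
#!/bin/sh
# chain_expiry BUNDLE [SECONDS]
# One line per certificate: status, notAfter, subject, issuer (tab-separated).
# Returns 1 if any certificate is expired or expires within SECONDS (default 0),
# 2 if the bundle contains no certificate.
chain_expiry() {
    bundle=$1; window=${2:-0}
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/{n++}
                     n{print > (d "/cert" n ".pem")}' "$bundle"
    rc=0
    for f in "$tmp"/cert*.pem; do
        [ -f "$f" ] || { rm -rf "$tmp"; return 2; }
        # -checkend exits non-zero when notAfter falls inside the window.
        if openssl x509 -in "$f" -noout -checkend "$window" >/dev/null; then
            status=OK
        else
            status=EXPIRING; rc=1
        fi
        end=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
        subj=$(openssl x509 -in "$f" -noout -subject)
        iss=$(openssl x509 -in "$f" -noout -issuer)
        printf '%s\t%s\t%s\t%s\n' "$status" "$end" "$subj" "$iss"
    done
    rm -rf "$tmp"
    return $rc
}

# Constructed sample: a long-lived certificate and a 1-day certificate that
# stands in for a cross-signer close to its expiry date.
make_sample_bundle() {
    dest=$1; : > "$dest"
    for spec in "3650:constructed long-lived leaf" \
                "1:constructed short-lived cross-signer"; do
        openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
            -days "${spec%%:*}" -subj "/CN=${spec#*:}" 2>/dev/null >> "$dest"
    done
}

# When run with arguments, check the given bundle (e.g. a saved full-chain file).
if [ $# -gt 0 ]; then
    chain_expiry "$@"
fi
```

Run against the full-chain file a server is configured to send, any `EXPIRING` line other than the leaf points at an intermediate or cross-signing certificate that needs replacing.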