Comment on page
Root Certificates
"Cannot reach server"
All macOS versions older than Catalina (10.15) are using a expired root certificate, which will cause secure connections to online servers to fail. That means activation and deactivation are not possible without removing the expired certificate first.
This only affects older app versions, not current releases:
- Hedge older than
21.2.3
- FoolCat older than
21.2.2
- Canister older than
21.2.9

To remove the expired certificate, make sure to go through the following steps:
This process may seem a bit overwhelming, but every single little step has been documented, so in practice, it is not so bad — you can do it 😁
1.
Open Finder and choose "Go to Folder" in the "Go" menu (Shift-CMD-G):.png?alt=media&token=4e3b8c79-d272-4227-9c8d-f2171ff78573)
2.
Enter this path /etc/ssl/cert.pem
and click Go
.png?alt=media&token=e5ad3c92-684f-460a-a806-ac72171345b9)
3.
Before editing the cert.pem
file, duplicate it by right-clicking → Duplicate
(Authenticate when prompted for your password):.png?alt=media&token=7ced02de-b63b-4af2-884a-e10d6fd58eda)
4.
In Finder, right-click on cert.pem
→ Open With
→ Other...
.png?alt=media&token=5f34db11-282f-4443-89a4-b89b5cdbe443)
5.
Select TextEdit to open the file:.png?alt=media&token=c955ad2e-c747-4c84-a1f7-8ec25f7875ce)
6.
Search for 44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
(The ID of the expired certificate):.png?alt=media&token=2ed41eb4-f844-4184-a2dc-34c624d3736e)
7.
Remove everything from ### Digital Signature Trust Co.
until -----END CERTIFICATE-----
It can be that the first 3 lines containing the description of the certificate are missing. In that case, remove everything from
Certificate:
until -----END CERTIFICATE-----
.png?alt=media&token=116f8ef7-2869-4a38-8681-e5910c98d2d8)
8.
Chose Duplicate
when prompted on removing the expired certificate:.png?alt=media&token=aa13b21e-c1f8-4a84-812a-c69e32599a28)
9.
Close the file, and save as cert.pem
in Documents
:.png?alt=media&token=745d16e6-15be-4ce8-95c0-5fad278b84b3)
10.
Use .pem
as extension.png?alt=media&token=538d02d4-a030-463d-b17d-4d126be6d821)
11.
Move the duplicate cert.pem
that you saved in Documents
to /etc/ssl
and Authenticate with your password when prompted..png?alt=media&token=b7fcd4f9-2e7c-4db3-a99f-8a5b09cd7bae)
12.
Choose Replace
when prompted:.png?alt=media&token=671441a5-ef94-4d85-b89b-ecae69160f68)
13.
Now, you can continue activating your Hedge, Foolcat, or Canister app 🎉Last modified 2mo ago