Root Certificates
For the odd user running into a "Cannot reach server" error.
Last updated
For the odd user running into a "Cannot reach server" error.
Last updated
All macOS versions older than Catalina (10.15) use an expired root certificate, which can cause secure connections to online servers to fail. Therefore, activation and deactivation are not possible without removing the expired certificate first. ()
This only affects older app versions, not current releases:
Hedge older than 21.2.3
FoolCat older than 21.2.2
Canister older than 21.2.9
To remove the expired certificate, make sure to go through the following steps:
This process may seem a bit overwhelming, but every single little step has been documented, so in practice, it is not so bad — you can do it 😁
1. Open Finder and choose "Go to Folder" in the "Go" menu (Shift-CMD-G):
2. Enter this path /etc/ssl/cert.pem and click Go
3. Before editing the cert.pem file, duplicate it by right-clicking → Duplicate (Authenticate when prompted for your password):
4. In Finder, right-click on cert.pem → Open With → Other...
5. Select TextEdit to open the file:
6. Search for 44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b (The ID of the expired certificate):
7. Remove everything from ### Digital Signature Trust Co. until -----END CERTIFICATE-----
It can be that the first 3 lines containing the description of the certificate are missing. In that case, remove everything from Certificate: until -----END CERTIFICATE-----
8. Chose Duplicate when prompted on removing the expired certificate:
9. Close the file, and save as cert.pem in Documents:
10. Use .pem as extension
11. Move the duplicate cert.pem that you saved in Documents to /etc/ssl and Authenticate with your password when prompted.
12. Choose Replace when prompted:
13. Now, you can continue activating your Hedge, Foolcat, or Canister app 🎉
