# Root Certificates

{% hint style="info" %}
This only concerns users on macOS 10.14 or older who get a "Cannot Reach Server" error.
{% endhint %}

All macOS versions *older* than Catalina (10.15) use an expired root certificate, which can cause secure connections to online servers to fail. Therefore, activation and deactivation are not possible without removing the expired certificate first. ([Background information](https://portswigger.net/daily-swig/lets-encrypt-root-cert-update-catches-out-many-big-name-tech-firms))

{% hint style="danger" %}
This only affects older app versions, not current releases:

* Hedge older than `21.2.3`
* FoolCat older than `21.2.2`
* Canister older than `21.2.9`
{% endhint %}

![](/files/-MlFKmjSB44e94xfvyKO)

To remove the expired certificate, go through the following steps:

{% hint style="success" %}
This process may seem a bit overwhelming, but every single little step has been documented, so in practice, it is not so bad — you can do it 😁
{% endhint %}

`1.` Open Finder and choose "Go to Folder" in the "Go" menu (Shift-CMD-G):

![](/files/-MlFKuy1bHsvfSHnlkMS)

`2.` Enter this path `/etc/ssl/cert.pem` and click `Go`

![](/files/-MlFLEJE5t4s3VJWI9oh)

`3.` Before editing the `cert.pem` file, duplicate it by right-clicking → `Duplicate` (authenticate when prompted for your password):

![](/files/-MlFLMJuG90ox_4VlCr3)

`4.` In Finder, right-click on `cert.pem` → `Open With` → `Other...`

![](/files/-MlFL_Y8-YxD5H4-90WQ)

`5.` Select TextEdit to open the file:

![](/files/-MlFLiTmNJf99W3DTRY-)

`6.` Search for `44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b` (The ID of the expired certificate):

![](/files/-MlFLnDsglhXFdW9N0pS)

`7.` Remove everything from `### Digital Signature Trust Co.` until `-----END CERTIFICATE-----`

The first 3 lines containing the description of the certificate may be missing. In that case, remove everything from `Certificate:` until `-----END CERTIFICATE-----`.

![](/files/-MlFLsUi4QyR9TDOrWxr)

`8.` Choose `Duplicate` when prompted upon removing the expired certificate:

![](/files/-MlFLxpzm0TfVOJT8q68)

`9.` Close the file, and save as `cert.pem` in `Documents`:

![](/files/-MlFMWDVTd-OUVwkUAZg)

`10.` Use `.pem` as extension

![](/files/-MlFMbD3dVnXQv4xY3Kt)

`11.` Move the duplicate `cert.pem` that you saved in `Documents` to `/etc/ssl` and authenticate with your password when prompted.

![](/files/-MlFMhM7uGnpijV3Hdr9)

`12.` Choose `Replace` when prompted:

![](/files/-MlFMmwXyqCj8Z4xH8Vu)

`13.` Now, you can continue activating your Hedge, FoolCat, or Canister app 🎉
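
The edit from steps 6 and 7 can also be done from Terminal. The script below is an added example, not part of the original guide or of any Hedge tooling: it writes a cleaned copy of a bundle without the certificate that carries the ID from step 6, and handles both layouts described in step 7. The function names `count_certs`, `strip_cert` and `make_sample` are made up for this example, and the sample bundle is constructed with placeholder bodies.

```shell
#!/bin/sh
SERIAL='44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b'   # ID from step 6

# Number of certificates in bundle $1.
count_certs() { awk '/^-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"; }

# strip_cert SERIAL IN OUT: copy IN to OUT without the record containing SERIAL.
# A record runs from the line after the previous END line through the next END
# line, so the "###" description lines (when present) go with their certificate.
# Fails unless exactly one certificate was removed; OUT must not be used then.
strip_cert() {
    awk -v serial="$1" '
        { buf = buf $0 "\n" }
        index(tolower($0), tolower(serial)) { hit = 1 }
        /^-----END CERTIFICATE-----/ {
            if (hit) { removed++ } else { printf "%s", buf }
            buf = ""; hit = 0
        }
        END { printf "%s", buf; exit (removed == 1 ? 0 : 1) }
    ' "$2" > "$3" || return 1
    [ "$(count_certs "$3")" -eq $(( $(count_certs "$2") - 1 )) ]
}

# Constructed sample bundle (shortened layout, placeholder bodies, no real certificates).
make_sample() {
    cat > "$1" <<EOF
### Example Org A
Certificate:
    Serial Number: 01:02:03:04
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQQ==
-----END CERTIFICATE-----
### Digital Signature Trust Co.
Certificate:
    Serial Number:
        $SERIAL
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQg==
-----END CERTIFICATE-----
Certificate:
    Serial Number: 0a:0b:0c
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQw==
-----END CERTIFICATE-----
EOF
}
# Usage: strip_cert "$SERIAL" /etc/ssl/cert.pem "$HOME/Documents/cert.pem"
```

The script only produces the cleaned copy in `Documents`; keep the duplicate from step 3 as a backup and install the new file as in steps 11 and 12, which still requires your password.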

