Description

Starting from May 15, 2024 and until September 30, 2024, the Certificate Authority (CA) used by Auth0 is updating the way it gets TLS certificates. This change is necessary due to the upcoming expiration of certain certificates. By the final date, it is expected that all certificates using the old method will expire and will be replaced.

A small number of older devices, operating systems, and applications might not be able to obtain tokens and to authenticate. For most Auth0 users, the transition will be seamless. Certificates signed by Let's Encrypt are widely trusted, and an extensive range of platforms will work with the new certificates, including recent versions of all major operating systems and browsers.

Furthermore, Auth0’s supported mobile browsers for Authentication clients will be changed as well.

The previous minimum supported versions:

• Safari iOS: 9+
• Chrome for Android: KitKat 4.4+

New minimum supported versions:

• Safari iOS: 10+
• Chrome for Android: 7.1.1+

To view the full list of supported mobile browsers and their compatibility, refer to:
https://letsencrypt.org/docs/certificate-compatibility/

Solution

To avoid untrusted certificate related errors, consider the following options:

• If you control clients connecting to your application, update their trust store to include the ISRG Root X1 certificate.
• If you use certificate pinning, remove or update your pin.
• Avoid hardcoding intermediate or root Certificate Authorities when developing applications using Auth0 services.
• To test client compatibility, load the following test URL: valid-isrgrootx1.letsencrypt.org