Article - CS330290
Root certificate expirations and changes in Certificate Authority (CA) TLS expiration date policies
Modified: 11-Sep-2025
Applies To
- ThingWorx Platform 8.2 to 10.0
- ThingWorx Edge MicroServer 5.4 to 5.5
- ThingWorx Edge SDK 5.0 to 7.0.1
- ThingWorx Kepware Edge (legacy) 1.0 to 1.1
Description
- Clients (such as an edge agent) use embedded root certificates to validate the server's (such as an IoT platform) certificate before establishing a secure connection with the server
- When the client can no longer connect to the server because its certificate has expired, the server administrator must renew and update the certificate
- This is normal because server certificates do not have long lifespans by design, which are shortening even more so based on recent changes made by major technology companies
- Root certificates, however, were designed to have longer expiration windows (20-25 years) because they are physically present in every client
- Unfortunately, many of these root certificates are approaching their expiration period
- Exactly when is dependent on the Certificate Authority (CA) which has provided the root certificate
- PTC is unable to comment on or modify specific expiration dates
- See the below external material for more background
- PTC does not endorse this material but merely provides it for customer awareness
- The Impending Doom of Expiring Root CAs and Legacy Clients
- Networked Devices Will Stop Working as Root Certificates Expire
This is a printer-friendly version of Article 330290 and may be out of date. For the latest version click CS330290