Skip to content

AMEROOT_ameroot.crt expired at Microsoft PKI distribution URL #17431

Open
Open
AMEROOT_ameroot.crt expired at Microsoft PKI distribution URL#17431
Labels
bugSomething isn't working
@jprecuch

Description

@jprecuch
jprecuch
opened on May 25, 2026

Describe the bug
It seems the MS cert we use in azurelinux ca store is now expired. I hope it can be fixed within this repo. Couldn't find some other better place.

#6 [3/6] RUN curl --retry 3 --retry-all-errors --create-dirs --output /app/ameroot.crt http://crl.microsoft.com/pkiinfra/certs/AMEROOT_ameroot.crt
#6 0.066   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
#6 0.066                                  Dload  Upload   Total   Spent    Left  Speed
#6 0.066 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100  1370  100  1370    0     0   4499      0 --:--:-- --:--:-- --:--:--  4491
100  1370  100  1370    0     0   4498      0 --:--:-- --:--:-- --:--:--  4491
#6 DONE 0.4s

#7 [4/6] RUN openssl x509 -inform DER -outform PEM -in /app/ameroot.crt -out /etc/pki/ca-trust/source/anchors/ameroot.pem
#7 DONE 0.1s

#8 [5/6] RUN update-ca-trust extract && openssl verify /etc/pki/ca-trust/source/anchors/ameroot.pem
#8 0.629 DC=GBL, DC=AME, CN=ameroot
#8 0.629 error 10 at 0 depth lookup: certificate has expired
#8 0.629 error /etc/pki/ca-trust/source/anchors/ameroot.pem: verification failed
#8 ERROR: process "/bin/sh -c update-ca-trust extract && openssl verify /etc/pki/ca-trust/source/anchors/ameroot.pem" did not complete successfully: exit code: 2
------
 > [5/6] RUN update-ca-trust extract && openssl verify /etc/pki/ca-trust/source/anchors/ameroot.pem:
0.629 DC=GBL, DC=AME, CN=ameroot
0.629 error 10 at 0 depth lookup: certificate has expired
0.629 error /etc/pki/ca-trust/source/anchors/ameroot.pem: verification failed

curl -fsSL -o /tmp/ameroot.crt http://crl.microsoft.com/pkiinfra/certs/AMEROOT_ameroot.crt
openssl x509 -inform DER -in /tmp/ameroot.crt -noout -dates -subject

notBefore=May 24 22:52:54 2016 GMT
notAfter=May 24 22:57:03 2026 GMT
subject= /DC=GBL/DC=AME/CN=ameroot

To Reproduce
See above for the steps.

Expected behavior
Renewed certifiace should be published

Screenshots
If applicable, add screenshots or log outputs to help explain your problem.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions