Identity Security has removed a specific option in cert.tamu.edu when downloading a certificate that included an older root certificate that is signed with a SHA-1 algorithm.
The new Certificate With Chain option replaces the old Certificate w/ chain option and includes 3 certificates, not 4. The problematic root was signed by AAA Certificate Services.
While this root was often still in host root trust stores, because of its older signature algorithm many platforms began to see it as untrusted, especially on servers running Java environments.
Removing it from the downloadable chain helps IT pros avoid unnecessary certificate troubleshooting and helps keep our campus secure.
Please reach out to identity@tamu.edu if you have any concerns or have a backwards compatibility reason to include the older root.
- IT Security & Risk Team