DST Root CA X3 expires, breaking legacy TLS trust AI-researched
Dependency: TLS trust chain / root certificates
When the DST Root CA X3 cross-sign expired, older clients without ISRG Root X1 trust began failing TLS validation for many HTTPS sites — an under-documented but common failure mode for net art on legacy hardware.
Affected Artworks
Martine Neddam
Long-lived net artwork often accessed/preserved via legacy setups. Legacy clients may fail HTTPS validation.
Beat Brogle & Philippe Zimmermann
Loads many third-party resources over HTTPS. Legacy clients may reject certificate chains.
Fixes & Mitigations
- Workaround: Update OS/browser trust stores or replace legacy clients with a maintained environment.
- Archive: For exhibitions: local mirroring (WARC replay) to minimize live TLS dependencies.
Certificate trust shifted as older cross-signatures expired and modern roots became the default. Legacy devices and unpatched OS/browser stacks can no longer validate common certificate chains.
Notes
This is a “hidden extinction”: the dependency change is global infrastructure, not an art platform. It disproportionately affects museums using older kiosk systems.