We get our SSL certificates from the InCommon Alliance who resells Comodo/Sectigo certs to HigherEd. Comodo used to issue from the AddTrust root that was valid from 2000 until roughly Saturday 2020. Somewhere around 2015, they saw the expiration coming and issued a new root under the USERTrust name. Knowing it would take a few years to circulate, they arranged a cross-signing, where AddTrust signs the USERTrust root, allowing a client to choose either path to validate a certificate. Once we pass