TL;DR - CabMD uses certificates from a widely used public non-profit organization called "Let's Encrypt" because they are free, simple to install and more secure. Unfortunately, they've had to make some changes that require Internet users to keep their systems updated because of how certificates have to be trusted by the operating system. You will run into this issue if your operating system or browser hasn't been updated in a long time, or if you're using an unsupported operating system and/or browser.
For a long time, CabMD bought very expensive SSL certificates from industry-standard organizations like Comodo. In 2014, a non-profit organization called Let's Encrypt was created to break up the price-fixing activity of SSL certificate providers and provide encryption certificates at no charge in order to facilitate a more secure Internet.
This was great, as certificates were very expensive and difficult to install. We decided to switch to Let's Encrypt certificates, which are renewed every 90 days through an automated process. This worked perfectly for a very long time.
At some point over the last few months, we've had complaints from a very small set of users who are seeing notes like this:
What's important to note here is that the certificate isn't actually expired; rather, the operating system reports it as "untrusted". That's because the operating system in use here hasn't been updated and doesn't have the information it needs to recognize that the credentials in use here are actually very trusted by over 260 million sites worldwide.
This is being caused by something called Transitioning to ISRG's Root, which has been delayed but is the root cause of this issue for these users. While we could make some changes to increase backwards compatibility for these users, we think it's better if we ask users to update their systems. After all, these computers are being used to enter patient information so security is paramount.
So, what can you do?
The easiest way to test if you have a problem right now (September 2021) is to browse to https://valid-isrgrootx1.letsencrypt.org/. If you can view that site without a security warning, then you can browse to CabMD without any issues as well. This might change as these changes make their way through approval processes, but we'll keep this article updated with the right information as much as possible.
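For support staff who want to run the same test without a browser, the following is an added example (not part of CabMD's software or Let's Encrypt's tooling). It performs the handshake against the test site and reports whether a failure is "expired" or "untrusted", which is the distinction drawn above. It assumes Python's default trust store matches what the browser uses, which is not always the case; the function names are illustrative.

```python
import socket
import ssl

TEST_HOST = "valid-isrgrootx1.letsencrypt.org"  # test site named in the article

# OpenSSL X509_V_ERR_* codes exposed as SSLCertVerificationError.verify_code
EXPIRED = {10}                # certificate has expired
UNTRUSTED = {2, 19, 20, 21}   # chain does not lead to a root in the local trust store


def classify(verify_code):
    """Map an OpenSSL verify code to 'expired', 'untrusted-root' or 'other'."""
    if verify_code in EXPIRED:
        return "expired"
    if verify_code in UNTRUSTED:
        return "untrusted-root"
    return "other"


def has_isrg_root_x1(ca_certs):
    """ca_certs: list of dicts in the shape returned by SSLContext.get_ca_certs()."""
    for cert in ca_certs:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName" and value == "ISRG Root X1":
                    return True
    return False


def check_host(host=TEST_HOST, port=443, timeout=10):
    """Handshake using the default trust store; return 'ok' or a failure class."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return classify(exc.verify_code)


if __name__ == "__main__":
    # Roots kept in a capath directory are loaded lazily, so False here is
    # a hint rather than proof that the root is missing.
    store = ssl.create_default_context().get_ca_certs()
    print("ISRG Root X1 in loaded trust store:", has_isrg_root_x1(store))
    print(TEST_HOST, "->", check_host())
```

A result of "untrusted-root" on a machine whose clock is correct points to a missing root certificate, which is fixed by updating the operating system rather than by changing anything on the server.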
Update, update, update. Software, especially operating systems like Microsoft Windows and Apple OSX, is just as susceptible to becoming outdated and obsolete (and insecure) as everything else, which means that users need to make sure they are applying any/all updates to their systems semi-regularly. We here at Clinical Support Systems keep our systems updated on a very regular schedule, due to the fast-paced nature of issues and the nature of our business, but users should also try to keep their systems as updated as possible given the nature of their work as well.
For Safari users, you'll have more problems than most because browser updates aren't delivered separately from your operating system updates (OSX) and, what's more, Apple doesn't let you update to the latest version if you're not on a more recent version. This is unlike Microsoft Windows, in which browser updates are separate. As of today, Windows 11/10/8.1/8/7/Vista/etc. can all use the latest version of Microsoft Edge v92. It appears that only macOS Sierra (which is tied to Safari 10.1) or higher contains the right updates by Apple themselves to handle this change, so using anything below macOS 10.12.1 could potentially show this issue.
As per Let's Encrypt, this is what is supported with no intervention.
Windows >= XP SP3 (assuming Automatic Root Certificate Update isn’t manually disabled)
iPhone 5 and above can upgrade to iOS 10 and can thus trust ISRG Root X1
Ubuntu >= xenial / 16.04 (with updates applied)
Debian >= jessie / 8 (with updates applied)