A version of the IdenTrust Commercial Root CA 1 certificate subordinated to the IdenTrust DST Root X3, has been created to support older Android® devices running on operating systems prior to version 7.1.1. This certificate chain enables those Android devices to retain their ability to visit sites using TLS/SSL subscriber certificates issued from subordinated Certification Authorities (CAs) under the IdenTrust Commercial Root CA 1, by building a chain to the IdenTrust DST Root CA X3 which is currently installed in the earlier Android trust store. This solution works because Android intentionally does not enforce the expiration dates of certificates used as trust anchors.
Subscriber TLS/SSL certificates currently issued from these IdenTrust subordinate CAs will be able to optionally chain to IdenTrust DST Root CA X3 from this cross-signed structure: HydrantID Server CA O1, TrustID Server CA O1 and TrustID Server CA E1.
IdenTrust TLS/SSL Certificate Chain Options