Expiring Certificate - Entrust.net Secure Server Certification Authority

Summary

The Notifications window in the ISAM dashboard shows following warning: Certificate expires in <xx> days: Entrust.net Secure Server Certification Authority

In order to get rid of this warning it should be perfectly safe to delete that expiring Root CA certificate from the pdsrv SSL certificate database as it was discontinued from use back in 2014 as per
https://www.entrust.com/get-support/ssl-certificate-support/discontinuing-public-trust-for-1024-bit-rsa-root/

Those certificates are added when the keystore is created.

There is no mechanism to automatically update them.

Any certificate signed by an expiring CA cert will also have expired by the time the CA certificate expires.
So, if you have only this CA expiring message, it looks like no signed cert will be affected.

Any expiring or expired CA certificates can be safely deleted via
Manage System Settings > Secure Settings > SSL Certificates, select pdsrv, then select Manage > Edit SSL Certificate Database
Edit Keystore in Signer Certificates Tab, select the appropriate certificate, then Delete

Also, new CA certificates can be loaded into a keystore via the
Edit Keystore-> Signer Certificates Tab -> Manage -> Load / Import