Hi, It seems that the openssl update is not happening soon. Can you please include the 1024bit certificates again to solve this regression?
If you need help with determining what certificates are used in cross signing let me know. My general idea would be to include the removed certificates again if they are still valid and have not been revoked by the issuer. Regards Christian