List of root certificates required for installing Endpoint Protection 12.1 RU4 MP1

book

Article ID: 161012

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You need a list of Root Certificates required for installing Symantec Endpoint Protection (SEP) 12.1 RU4 MP1.

In a closed network when there is no Internet access or a Windows Server Update Services (WSUS) server, you need to install/import only the certificates that are required for a SEP RU4 MP1 installation.

Per TECH218029, updating all certificates from root.zip or by applying KB931125 there can be more certificates than required. Also, installing KB931125 on Windows 2003 servers can break all TLS communication.

Resolution

 It has been confirmed that only the 6 certificates (with their thumbprints) listed below are required to install SEP 12.1 RU4 MP1, under Trusted Root.

 

3 Microsoft Certificates:

  • a4 34 89 15 9a 52 0f 0d 93 d0 32 cc af 37 e7 fe 20 a8 b4 19 : Microsoft Root Authority
  • 3b 1e fd 3a 66 ea 28 b1 66 97 39 47 03 a7 2c a3 40 a0 5b d5 : Microsoft Root Certificate Authority 2010
  • cd d4 ee ae 60 00 ac 7f 40 c3 80 2c 17 1e 30 14 80 30 c0 72 : Microsoft Root Certificate Authority
 

2 Symantec Certificates (formerly Verisign)

  • a1 db 63 93 91 6f 17 e4 18 55 09 40 04 15 c7 02 40 b0 ae 6b : Class 3 Public Primary Certification Authority
  • 4e b6 d5 78 49 9b 1c cf 5f 58 1e ad 56 be 3d 9b 67 44 a5 e5 : Verisign Class 3 Public Primary Certification Authority - G5
 

1 Thawte Timestamping CA Certificate

  • be 36 a4 56 2f b2 ee 05 db b3 d3 23 23 ad f4 45 08 4e d6 56 : Thawte Timestamping CA