[ALERT] Upgrade of the ProxySG and ASG Trust Package - November 6, 2020


Article ID: 185058


Updated On:


Advanced Secure Gateway Software - ASG ProxySG Software - SGOS





Reference the attached document below for a complete list of upgrades to the ProxySG and Advanced Secure Gateway (ASG) Trust package.

ProxySG and Advanced Secure Gateway (ASG) will be getting an upgrade to their Trust Package on November 6, 2020.

Note: Expired certificates remain included in the CA store and in the browser-trusted CCL. The expired certificates need to be manually removed from the browser-trusted CCL in order for third-party security analysis devices to not send warnings.  The command "show security trust-package”, which lists CA store changes, will still list expired certificates that have been removed from the browser-trusted list.

Expired Certificates can stay in the trust package as long as a valid duplicate certificate is served when available. We are monitoring the trust package to ensure that only expired certificates without a duplicate certificate are left in the trust package.


Action Required

Instructions to install the new trust package 

Update the trust package by connecting to the CLI console via ssh and issuing the following commands:

  1. proxy>enable
  2. proxy#configure terminal
  3. load trust-package

You will see the following:

Downloading from "http://appliance.bluecoat.com/sgos/trust_package.bctp"
The trust package has been successfully downloaded.

Details can be found in the event-log which contains specific entries for certificate store and certificate list updates provided by the trust package.

If the trust package download url configured on the proxy is not "http://appliance.bluecoat.com/sgos/trust_package.bctp" then you can change it as follows:

  1. proxy>enable
  2. proxy#configure terminal
  3. (config)security trust-package download-path http://appliance.bluecoat.com/sgos/trust_package.bctp


1604679372624__Trust Package upgrade 13Oct20.pdf get_app