[ALERT] Upgrade of the ProxySG and ASG Trust Package - November 6, 2020

book

Article ID: 185058

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

Severity

Information

Description

Reference the attached document below for a complete list of upgrades to the ProxySG and Advanced Secure Gateway (ASG) Trust package.

ProxySG and Advanced Secure Gateway (ASG) will be getting an upgrade to their Trust Package on November 6, 2020.

Note: Expired certificates remain included in the CA store and in the browser-trusted CCL. The expired certificates need to be manually removed from the browser-trusted CCL in order for third-party security analysis devices to not send warnings.  The command "show security trust-package”, which lists CA store changes, will still list expired certificates that have been removed from the browser-trusted list.

Expired Certificates can stay in the trust package as long as a valid duplicate certificate is served when available. We are monitoring the trust package to ensure that only expired certificates without a duplicate certificate are left in the trust package.

Resolution

Action Required

Instructions to install the new trust package 

Update the trust package by connecting to the CLI console via ssh and issuing the following commands:

  1. proxy>enable
  2. proxy#configure terminal
  3. load trust-package

You will see the following:

Downloading from "http://appliance.bluecoat.com/sgos/trust_package.bctp"
The trust package has been successfully downloaded.

Details can be found in the event-log which contains specific entries for certificate store and certificate list updates provided by the trust package.

If the trust package download url configured on the proxy is not "http://appliance.bluecoat.com/sgos/trust_package.bctp" then you can change it as follows:

  1. proxy>enable
  2. proxy#configure terminal
  3. (config)security trust-package download-path http://appliance.bluecoat.com/sgos/trust_package.bctp

Attachments

1604679372624__Trust Package upgrade 13Oct20.pdf get_app