Update the ABRCA Root CA Certificate for the Content Analysis Appliance (Revised: June 11, 2021)

book

Article ID: 207138

calendar_today

Updated On:

Products

Content Analysis Software Content Analysis Software - CA

Issue/Introduction

The Appliance Birth Registration Certificate Authority (ABRCA) root CA certificate is the ultimate root of trust for all appliance certificates that Symantec products use. Symantec has created a new ABRCA root CA certificate to replace the one expiring in December 2021. The new certificate will have an expiration date of December 31, 2037. 

IMPORTANT: The information in this article has changed. After additional testing, it was discovered that manually updating the trust package and appliance certificate was not sufficient. Content Analysis requires a software upgrade to do proper certificate validation during subscription downloads.

The continued operation of your Content Analysis appliances requires that you complete the following actions in a timely manner. To ensure the uninterrupted operation of your appliances, request a new appliance certificate and perform a software update by August 31, 2021.

Note: To update Content Analysis applications on Integrated Secure Gateway (ISG), refer to Integrated Secure Gateway Birth Registration Certificate Authority (ABRCA) Root CA Certificate Update for instructions.

Resolution

Update the Hardware Appliance Certificate

Note: Ensure that the appliance can access abrca.bluecoat.com for appliance certificate downloads.

To update the appliance certificate on a hardware appliance, log into the Content Analysis command line interface (CLI) and enter the following command:

CAS# request-appliance-certificate
ok

 

Update the Virtual Appliance Certificate

Note: Ensure that the appliance can access abrca.bluecoat.com for appliance certificate downloads.

To update the appliance certificate on a virtual appliance, log into the Content Analysis CLI and enter the following command:

CAS(config)# licensing load username <username> password <password>
ok

where username and password are your myBroadcom licensing portal credentials.

Upgrade Content Analysis

Upgrade to a supported Content Analysis release.

Release Release Date

Content Analysis 2.4.2.1

Note: Content Analysis 2.4.2.0 was previously released with the updated ABRCA root CA
certificate. Version 2.4.2.0 is no longer available and is superseded by version 2.4.2.1. If you
are currently running Content Analysis 2.4.2.0 or any earlier release, please upgrade to version
2.4.2.1.

June 11, 2021
Content Analysis 3.1.2.2 April 27, 2021

 

IMPORTANT: All Content Analysis appliances must be updated to this version. Any previous versions will not be supported after November 2021.

Monitor this KB article for any updates to this schedule. For upgrade instructions, refer to KB169313. When the release is available, you can download the software package from the Broadcom download portal.

 

 

Consequences of an Expired Appliance Certificate

If the appliance certificate expires, certain appliance-to-back-end communications flows that use the appliance certificate for authentication might stop working correctly, including:

  • Appliance certificate update
  • Licensing automatic update
  • Subscription updates
  • Diagnostics and Heartbeat uploads

Other issues, yet to be identified, might also occur.