Update the ABRCA Root CA Certificate for the SSL Visibility Appliance (Revised: March 26, 2021)

book

Article ID: 207140

calendar_today

Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

The Appliance Birth Registration Certificate Authority (ABRCA) root CA certificate is the ultimate root of trust for all appliance certificates that Symantec products use. Symantec has created a new ABRCA root CA certificate to replace the one expiring in November 2021. If the ABRCA root CA certificate is not updated on the appliance, some features that use the appliance certificate for authentication will fail.

Warning: To ensure the uninterrupted operation of your SSL Visibility appliances, you must make it a priority to complete the updates by the following dates:

  • Upgrade to SSL Visibility 4.5.6.1 (released May 10, 2021) by October 31, 2021 

  • Update your license on each appliance by October 31, 2021

Resolution

Requirements

Note: Ensure that the appliance can access the download.bluecoat.com domain to download the virtual appliance license.

To update the ABRCA root CA certificate on your SSL Visibility appliance, upgrade to version 4.5.6.1 when available (anticipated release date March 31, 2021) and then upgrade your license by doing one of the following:

  • Automatically update the license by enabling the Auto Update License feature:

    1.  Navigate to (Platform Management) > License.

    2. On the License Settings panel, click Edit and enable the feature.

  • Manually update the license:

    1. Download a new copy of the license.

    2. Navigate to (Platform Management) > License.

    3. Click Add.

    4. On the Upload File tab, click Browse to browse to the file location, or on the Paste Text tab, paste the license text.

 

To validate that your license is up to date, navigate to (Platform Management) > License and ensure the License Status has a Current Status of OK.

To validate the certificate expiration date:

  1. From the PKI menu, open Management Trust.

  2. Select the bluecoat-appliance CA list.

  3. Select the ABRCA_root certificate.  

  4. Click on the information icon and confirm the Valid To date.
    The new certificate has an expiration date Dec 31, 2037.

Consequences of an Expired Certificate

If the certificate expires, the following issues will occur:

  • License verification failures, resulting in traffic interruption

  • Failures in offloading from SSL Visibility to ProxySG appliances

  • Failures when installing new licenses and upgrading

  • Inability to perform heartbeat uploads

Other issues, yet to be identified, might also occur.

Powered by Wolken Software