Update the ABRCA Root CA Certificate on Reporter Appliances (Revised: September 16, 2021)


Article ID: 207141


Updated On:




The Appliance Birth Registration Certificate Authority (ABRCA) root CA certificate is the ultimate root of trust for all appliance certificates that Symantec products use. Symantec has created a new ABRCA root CA certificate to replace the one expiring in December 2021. Before the older root CA certificate expires, ensure that the new root CA certificate is installed on your appliances. The new certificate will have an expiration date of December 31, 2037.

When the root certificate expires, some features that use the appliance certificate for authentication will fail. See the end of this article for additional details.


IMPORTANT: The information in this article has changed. After additional testing, it was discovered that manually updating the trust package and appliance certificate was not sufficient for all products. Reporter requires a software upgrade to do proper certificate validation during subscription downloads. 

You must upgrade Reporter to the release (or later), which includes the new ABRCA root CA certificate. You must then verify that the trust package and appliance certificate were updated properly.

The continued operation of your Reporter appliances requires that you complete the following actions in a timely manner. To ensure the uninterrupted operation of your appliances, request a new appliance certificate and perform a software update by August 31, 2021 to allow for adequate testing and troubleshooting before the certificate expires.

Recovery: What to Do If You Fail to Update Before the Certificate Expires

If you fail to update your Reporter appliances before the root CA expires in December 2021, your appliances might experience failures as described in "Consequences of an Expired Appliance Certificate." The steps to renew the certificate are identical, whether you renew the root CA before, or after, the certificate expires. To renew the certificate, follow the steps in this article to upgrade to a new build that contains the updated trust package.

Available Releases

The following Reporter release includes the updated ABRCA root CA certificate.

Release Anticipated GA
Reporter Released on April 21, 2021

Monitor this KB article for any updates to this release schedule. For upgrade instructions, refer to the Reporter release notes for your version. You can download the software package and release notes (when they are released) from the Broadcom download portal.    

Manually Update the Appliance Certificate– (Optional, Unless the Appliance Certificate Did Not Update)

You can update the appliance certificate (by updating the license) before, or after, upgrading to Reporter    

  1. Log on to the CLI.
  2. Enter privileged mode from standard mode by using the enable command. The prompt changes from a > to a #, indicating that you are in privileged mode.
  3. At the # command prompt, enter the following command to either retrieve or paste the license into the CLI to install manually:
 (config)# licensing load (Retrieves the license from Broadcom)
 (config)# licensing inline eof <cr> <license text> eof

Verify That the Appliance Certificate Update was Successful

# licensing view
Appliance Serial Number  : 1000413203
Model                    : RP-V50
Date Generated           : 2021-03-03

Verify that the Trust Package Update was Successful

To verify that the update was successful, enter the following command:

(config-ssl)# trust-package view
Trust package download completed. No update required

You can also view the individual certificates:

(config-ssl)# view ca-certificate ABRCA_root

Name:           ABRCA_root


/C=US/ST=California/L=Sunnyvale/O=Blue Coat Systems, Inc./OU=Blue Coat, ABRCA/CN=abrca.bluecoat.com/[email protected]


/C=US/ST=California/L=Sunnyvale/O=Blue Coat Systems, Inc./OU=Blue Coat, ABRCA/CN=abrca.bluecoat.com/[email protected]

Valid From:     Sep 11 12:04:16 2020 GMT

Valid Until:    Dec 31 12:04:16 2037 GMT



(config-ssl)# view ca-certificate BC_Cloud_Services_Root_CA

Name:           BC_Cloud_Services_Root_CA


/C=US/O=BlueCoat Systems, Inc./CN=Cloud Services Root CA


/C=US/O=BlueCoat Systems, Inc./CN=Cloud Services Root CA

Valid From:     Sep 06 12:00:00 2011 GMT

Valid Until:    Sep 05 11:59:59 2036 GMT




Consequences of an Expired Appliance Certificate

If the appliance certificate expires, the following failures might occur:

  • Appliance certificate update
  • Licensing updates
  • Subscription updates
  • Diagnostics and Heartbeat uploads
  • License validation services will not work on virtual appliances:
    • Failures for more than 7 days will disable the license

Other issues, yet to be identified, might also occur.