The Appliance Birth Registration Certificate Authority (ABRCA) root CA certificate is the ultimate root of trust for all appliance certificates that Symantec products use. Symantec has created a new ABRCA root CA certificate to replace the one expiring in December 2021. Before the older root CA certificate expires, ensure that the new root CA certificate is installed on your Advanced Secure Gateway appliances. The new certificate will have an expiration date of December 31, 2037.
IMPORTANT: The information in this article has changed. After additional testing, it was discovered that manually updating the trust package and appliance certificate was not sufficient. Advanced Secure Gateway requires a software upgrade to do proper certificate validation during Content Analysis subscription downloads.
The continued operation of your Advanced Secure Gateway appliances requires that you complete the following actions in a timely manner. To ensure the uninterrupted operation of your appliances, request a new appliance certificate and perform a software update by August 31, 2021.
To retrieve a new appliance certificate, use the following command line interface (CLI) commands:
Loading factory certificate from keyring
Storing factory certificate in permanent store
Upgrade to a supported Advanced Secure Gateway release.
|Release Version||Release Date|
|Advanced Secure Gateway 18.104.22.168||Released on March 24, 2021|
|Advanced Secure Gateway 7.2.6||Released on April 13, 2021|
|Advanced Secure Gateway 7.3.3||Released on April 28, 2021|
IMPORTANT: All Advanced Secure Gateway appliances must be updated to this version. Any previous versions will not be supported after November 2021.
After upgrading, verify that an appropriate trust package is installed. Use the following ProxySG CLI command:
#show security trust-package
In the command output, look for the date beside Creation time. The date should be October 13 2020 or later.
If the appliance certificate expires, certain appliance-to-back-end communications flows that use the appliance certificate for authentication might stop working correctly, including:
Other issues, yet to be identified, might also occur.