Required DigiCert G2 Root CA updates for VIP Enterprise Gateway and VIP integrations for AD FS, IIS and Apache
search cancel

Required DigiCert G2 Root CA updates for VIP Enterprise Gateway and VIP integrations for AD FS, IIS and Apache

book

Article ID: 278868

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

In July 2025, Broadcom will reissue SSL certificates for VIP endpoints from the DigiCert Global Root G2 CA. Click here for more information.

The following components are affected by this change. 

  • VIP Enterprise Gateway 9.10.x and older
  • VIP Integration for AD FS (Active Directory Federation Services)
  • VIP Integration for Apache
  • VIP Integration for IIS

Action is required to avoid a service disruption

Resolution

What is happening?

In July 2025, Symantec VIP will be reissuing SSL certificates from the DigiCert Global Root G2 CA. The exact date\time will be updated to this page soon.

What action is required?

  • VIP Integration module for AD FS: Download Active_Directory_Federation_Services.zip from VIP Manager and follow upgrade instructions here
  • VIP Integration module for Microsoft IIS: Download Internet_Information_Services.zip from VIP Manager and refer to instructions here
  • VIP Integration module for Apache: Download Apache.zip ) from VIP Manager and refer to instructions here
  • VIP Enterprise Gateway:
VIP Enterprise Gateway Version: Required Action:
9.11 or later The new G2 root CA chain is included. No action is required. 
9.10.x Run the G2 Import Tool (see below) to load the new G2 CA into the VIP Enterprise Gateway root store. 
9.9.2 Run the G2 Import Tool (see below) to load the new G2 CA into the VIP Enterprise Gateway root store.
(note: 9.9.2 support ends on 31 Jan 2025)
9.9.1, 9.9.0, 9.8.x and older

 An upgrade to version 9.11 is required to avoid a service disruption. 

Click here for the VIP Enterprise Gateway installation and upgrade guides.

(note: 9.9.1 and older are no longer unsupported)

 

VIP Enterprise Gateway G2 Import Tool Instructions:

  • Download and unzip the attached VIP_EG_G2Support.zip to a temp location.
  • Open an administrator command prompt/shell and navigate to the extracted location of the VIP_EG_G2Support.zip.
  • Windows:
    • VIP EG 9.9.x, type: 
      set "VRSN_MAUTH_HOME=C:\Program Files (x86)\Symantec\VIP_Enterprise_Gateway"
    • VIP EG 9.10.x, type:
      set "VRSN_MAUTH_HOME=C:\Program Files\Symantec\VIP_Enterprise_Gateway"
    • Type g2support.bat and press enter 

  • Linux:
    • Type export VRSN_MAUTH_HOME=<VIP_EG_Install_ Directory> and press enter
    • Type g2support.sh and press enter 
  • The script may take a few minutes to run. You may see a warning message "WARNING: Runtime environment or build system does not support multi-release JARs. This will impact location-based features."
  • The message "Changes to certificate Store(s) saved successfully" indicates the script is complete.
  • To confirm successful import, navigate to <VIP_EG_install_location>\jvm\bin
  • For VIP EG 10.x, type keytool -printcert -file "C:\Program Files\Symantec\VIP_Enterprise_Gateway\conf\root.pem" >C:\certs.txt (adjust the path, if necessary)
  • For VIP EG 9.9.2, type keytool -printcert -file "C:\Program Files (x86)\Symantec\VIP_Enterprise_Gateway\conf\root.pem" >C:\certs.txt (adjust the path, if necessary)
  • View the contents of the C:\certs.txt file  to confirm the presence of the required CN=DigiCert Global Root G2

Attachments

VIP_EG_G2Support.zip get_app
Powered by Wolken Software