04-18-2022 10:48 PM
Dears,
I received the below email :
ACTION NEEDED: Time Stamp Authority (TSA) server root certificate has expired
Dear Webex Customer,
This message is to inform you that the Time Stamp Authority (TSA) server root certificate has been updated as of April 1, 2022, from DigiCert to DigiCert Trusted Root G4.
If you haven’t already, please take action immediately to install DigiCert Trusted Root G4 on your users’ machines to avoid issues with releases and product updates delivered after April 1, 2022. You can download the DigiCert Trusted Root G4 certificate here.
Kindly advise what actions should be done from my side as the email is unclear
Thank you
04-25-2022 03:12 PM - edited 04-25-2022 03:12 PM
Cisco TAC response:
It applies to PC set up using WebEx meeting.
There are no actions required to do from the control hub.
If you are having Microsoft certificate store, there is no issues as the certificate will be updated by default, but if you are using custom certificate store, you need to add the certificate , this should be done from the IT department end
The certificate is not related only to WebEx, it is a general certificate. It could be installed /updated on user's devices as they are included in the OS/browser's trust store.
You don't need to install the Root CA certificates as they are included on your OS/ browser's trust store. you can go this link : https://trusted-root-g4.chain-demos.digicert.com - if your browser loads the page without warning. It trusts the DigiCert trusted root G4.
04-19-2022 06:51 AM
Its because webex uses digicert certs https://help.webex.com/en-us/article/WBX264/How-Do-I-Allow-Webex-Meetings-Traffic-on-My-Network?#id_135010 *.digicert.com
04-21-2022 05:22 AM
@Ashish Patel but before we didnt use to add any certificate what have changed now ?
04-21-2022 07:04 AM
Hi,
The operating system includes most of the public trusted certificate authorities' root certificates in their trusted store. Sometimes the system administrator applies/installs these certificates via the group policies. The webex was signed by an earlier generation root certificate from Digicert and it should be available in the trusted store and there is no requirement to manually add the certificate into the trusted store. But the information was always available on help.webex.com. A few months back, we had a similar issue when Cisco updated to use identrust.com.
The public CA, Digicert has updated its root CA to DigiCert Trusted Root G4. Since it is new, there may be a chance that your PC may not be updated with the new certificates in its trusted store.
Regards
04-19-2022 05:14 AM - edited 04-19-2022 05:16 AM
Hi @eliegerges,
I had similar question and opened case with Cisco. Below is the response:
According to the RFC 3161 standard, a trusted timestamp is a timestamp issued by a Trusted Third Party (TTP) acting as a Time Stamping Authority (TSA). It is used to prove the existence of certain data before a certain point (e.g. contracts, research data, medical records, ...) without the possibility that the owner can backdate the timestamps. Multiple TSAs can be used to increase reliability and reduce vulnerability.
The newer ANSI ASC X9.95 Standard for trusted timestamps augments the RFC 3161 standard with data-level security requirements to ensure data integrity against a reliable time source that is provable to any third party. This standard has been applied to authenticating digitally signed data for regulatory compliance, financial transactions, and legal evidence.
I checked with some of our customers and also checked on my PC and this certificate is already installed on end user machines. My guess is that the certificates gets installed with Windows update.
If you don't see this certificate then, as recommended by Cisco, install it on end user machines.
04-19-2022 05:26 AM
Hello @Vaijanath Sonvane
Thank you for your reply but i need to ask you why it is related to Webex and the email was sent by Webex Global Communications?
04-19-2022 06:52 AM
Hi @eliegerges,
Because end users are using Webex App on their PC and this certificate is related to Webex. That is why the email communication is from Webex Global Communications.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide