Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3743
Views
10
Helpful
7
Replies

ACTION NEEDED: Time Stamp Authority (TSA) server root certification

eliegerges
Level 1
Level 1

‎04-18-2022 10:48 PM

Dears,

 

I received the below email : 

 

ACTION NEEDED: Time Stamp Authority (TSA) server root certificate has expired

 

Dear Webex Customer,

 

This message is to inform you that the Time Stamp Authority (TSA) server root certificate has been updated as of April 1, 2022, from DigiCert to DigiCert Trusted Root G4.

 

If you haven’t already, please take action immediately to install DigiCert Trusted Root G4 on your users’ machines to avoid issues with releases and product updates delivered after April 1, 2022. You can download the DigiCert Trusted Root G4 certificate here.

 

Kindly advise what actions should be done from my side as the email is unclear

 

Thank you

3 people had this problem
0 Helpful
7 Replies 7

emiliolara
Level 1
Level 1

‎04-25-2022 03:12 PM - edited ‎04-25-2022 03:12 PM

Cisco TAC response:


It applies to PC set up using WebEx meeting.

There are no actions required to do from the control hub.

If you are having Microsoft certificate store, there is no issues as the certificate will be updated by default, but if you are using custom certificate store, you need to add the certificate , this should be done from the IT department end

The certificate is not related only to WebEx, it is a general certificate. It could be installed /updated on user's devices as they are included in the OS/browser's trust store.

You don't need to install the Root CA certificates as they are included on your OS/ browser's trust store. you can go this link : https://trusted-root-g4.chain-demos.digicert.com - if your browser loads the page without warning. It trusts the DigiCert trusted root G4.

0 Helpful

Ashish Patel
Cisco Employee
Cisco Employee

‎04-19-2022 06:51 AM

Its because webex uses digicert certs https://help.webex.com/en-us/article/WBX264/How-Do-I-Allow-Webex-Meetings-Traffic-on-My-Network?#id_135010 *.digicert.com



Response Signature


0 Helpful

eliegerges
Level 1
Level 1
In response to Ashish Patel

‎04-21-2022 05:22 AM

@Ashish Patel but before we didnt use to add any certificate what have changed now ?

0 Helpful

Shalid Kurunnan Chalil
Spotlight
Spotlight
In response to eliegerges

‎04-21-2022 07:04 AM

Hi, 

The operating system includes most of the public trusted certificate authorities' root certificates in their trusted store. Sometimes the system administrator applies/installs these certificates via the group policies.  The webex was signed by an earlier generation root certificate from Digicert and it should be available in the trusted store and there is no requirement to manually add the certificate into the trusted store. But the information was always available on help.webex.com.  A few months back, we had a similar issue when Cisco updated to use identrust.com.

 

The public CA,  Digicert has updated its root CA to  DigiCert Trusted Root G4. Since it is new, there may be a chance that your PC may not be updated with the new certificates in its trusted store.  

 

Regards

 

0 Helpful

Vaijanath Sonvane
VIP Alumni
VIP Alumni

‎04-19-2022 05:14 AM - edited ‎04-19-2022 05:16 AM

Hi @eliegerges,

I had similar question and opened case with Cisco. Below is the response:

According to the RFC 3161 standard, a trusted timestamp is a timestamp issued by a Trusted Third Party (TTP) acting as a Time Stamping Authority (TSA). It is used to prove the existence of certain data before a certain point (e.g. contracts, research data, medical records, ...) without the possibility that the owner can backdate the timestamps. Multiple TSAs can be used to increase reliability and reduce vulnerability.
The newer ANSI ASC X9.95 Standard for trusted timestamps augments the RFC 3161 standard with data-level security requirements to ensure data integrity against a reliable time source that is provable to any third party. This standard has been applied to authenticating digitally signed data for regulatory compliance, financial transactions, and legal evidence.

I checked with some of our customers and also checked on my PC and this certificate is already installed on end user machines. My guess is that the certificates gets installed with Windows update.

cert_console.png

If you don't see this certificate then, as recommended  by Cisco, install it on end user machines. 

 

 

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.

eliegerges
Level 1
Level 1
In response to Vaijanath Sonvane

‎04-19-2022 05:26 AM

Hello @Vaijanath Sonvane 

 

Thank you for your reply but i need to ask you why it is related to Webex and the email was sent by Webex Global Communications?

 

 

 

0 Helpful

Vaijanath Sonvane
VIP Alumni
VIP Alumni
In response to eliegerges

‎04-19-2022 06:52 AM

Hi @eliegerges,

Because end users are using Webex App on their PC and this certificate is related to Webex. That is why the email communication is from Webex Global Communications. 

 

 

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.

0 Helpful
Getting Started

Welcome to the Webex Community. This is your home to ask questions, share knowledge, and attend live webinars.

Customers Also Viewed These Support Documents