Chrome 70 Dropping Trust of SSL Certificates issue by Symantec
Posted: Wed Oct 10, 2018 1:47 pm
Question: How do I update/renew Symantec-issued SSL certificates in GoAnywhere since Chrome 7 is not trusting the existing certificates?
Answer: If you have been, or will be affected by Google Chrome discontinuing the trust of Symantec and other root certificates in version 7, you should have been notified by Digicert with information and instructions how to renew your certificates. This notification may have been sent to someone else in your organization or caught in a spam filter, so below is a link for your convenience.
https://www.websecurity.symantec.com/bl ... rtificates
At the time of this posting, DigiCert is offering a way to check your certs here: https://www.websecurity.symantec.com/su ... sl-checker
After receiving your replacement certificate, you will Import install it with the GoAnywhere Key Management System (KMS), or “File Based” certificate manager. You will need to log in with an Admin user with the Key Manager role.
To work with SSL certificates:
KMS: Encryption > Key Management System. Then click the options cog next to the Key Vault in use (typically Default), then select Manage Certificates.
File Based: Encryption > File Based Keys > Certificates.
On the Certificates page, you can click the Help “?” on the upper right for assistance if needed. You will receive either a CA Reply file or certificate file(s), so choose one of the following options.
If you received the SSL certificate file(s) (not a CA Reply file), you will import each cert received into GA using the KMS or File Based Certificate Manager.
KMS: Use the Help page (“?” at top right) and scroll down to “Import a certificate…”. Click and follow instructions.
File Based: Use the Help page (“?” at top right) and scroll down to “Import a trusted certificate…”. Click and follow instructions.
Or…
If you received a CA Reply file and need further assistance, scroll down to “Import a reply…” (file-based) or “Import a CA Reply” (KMS). Click and follow the instructions on the Import CA Reply screen.
Answer: If you have been, or will be affected by Google Chrome discontinuing the trust of Symantec and other root certificates in version 7, you should have been notified by Digicert with information and instructions how to renew your certificates. This notification may have been sent to someone else in your organization or caught in a spam filter, so below is a link for your convenience.
https://www.websecurity.symantec.com/bl ... rtificates
At the time of this posting, DigiCert is offering a way to check your certs here: https://www.websecurity.symantec.com/su ... sl-checker
After receiving your replacement certificate, you will Import install it with the GoAnywhere Key Management System (KMS), or “File Based” certificate manager. You will need to log in with an Admin user with the Key Manager role.
To work with SSL certificates:
KMS: Encryption > Key Management System. Then click the options cog next to the Key Vault in use (typically Default), then select Manage Certificates.
File Based: Encryption > File Based Keys > Certificates.
On the Certificates page, you can click the Help “?” on the upper right for assistance if needed. You will receive either a CA Reply file or certificate file(s), so choose one of the following options.
If you received the SSL certificate file(s) (not a CA Reply file), you will import each cert received into GA using the KMS or File Based Certificate Manager.
KMS: Use the Help page (“?” at top right) and scroll down to “Import a certificate…”. Click and follow instructions.
File Based: Use the Help page (“?” at top right) and scroll down to “Import a trusted certificate…”. Click and follow instructions.
Or…
If you received a CA Reply file and need further assistance, scroll down to “Import a reply…” (file-based) or “Import a CA Reply” (KMS). Click and follow the instructions on the Import CA Reply screen.