The affected certificate chain is used by MWG for updates. We have already tested the update functionality with an MWG having a modified date of June 1st and were able to update, so we are pretty sure that there might be no impact here. But if MWG finds the certificate chain invalid when trying to talk to the update servers, this will likely give a red light on the dashboard.
As mentioned, we are well prepared and sure no issue will occur. Just in case this occurs, create a support ticket with a feedback file and tcpdump.
McAfee’s product line uses TLS for secure communication. Two certificates validate McAfee TLS chains, including a primary expiring in 2038 and a secondary expiring on May 30, 2020. If either certificate (or both) are present in a customer's environment, TLS will function correctly prior to May 30, 2020. After May 30, 2020, only the primary certificate will be valid. Out of an abundance of caution, McAfee is informing customers.
Generally, certificates are auto-updated through operating systems, and customers will not be impacted. However, in environments where automatic management of root certificates is disabled and the primary certificate has not been manually deployed, customers will potentially be impacted. KB92937 provides information on how to verify and/or install the primary certificate.
If you have an issue with MWG where Web Gateway is blocking access to websites with an error message, then this might be the reason:
Secure web traffic (TLS) is based on a certificate hierarchy. By design, MWG has a feature that blocks websites that don’t have a trusted certificate path.
The expired certificate from this morning is used by many other companies/websites and not all of them have updated their certs. MWG can and will block access to these now untrusted websites if the customer has configured it to do so by the policy. See KB92953 for more details and workarounds.
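The behaviour described above, where a chain verifies through either of two anchors until the shorter-lived one expires and is then rejected by any client that trusts only that anchor, can be reproduced with a throwaway PKI. This is an added example, not part of the original posts or of any McAfee tooling; the `Demo Root` CA, the `update.example.test` name, the file names and the 1-day/10-year lifetimes are constructed, and having both anchors share one key is an assumption of the demo.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: names, lifetimes and file names are made up for
# illustration and do not come from any vendor's real certificates.
set -eu
work=$(mktemp -d)

make_pki() {
  # One CA key with two self-signed anchors over it: a short-lived
  # "secondary" (1 day) and a long-lived "primary" (10 years).
  openssl genrsa -out "$work/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$work/ca.key" -subj "/CN=Demo Root" \
    -days 1 -out "$work/secondary.pem"
  openssl req -x509 -new -key "$work/ca.key" -subj "/CN=Demo Root" \
    -days 3650 -out "$work/primary.pem"
  # Server certificate issued by that CA key, valid for one year.
  openssl req -new -newkey rsa:2048 -nodes -keyout "$work/leaf.key" \
    -subj "/CN=update.example.test" -out "$work/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$work/leaf.csr" -CA "$work/primary.pem" \
    -CAkey "$work/ca.key" -CAcreateserial -days 365 \
    -out "$work/leaf.pem" 2>/dev/null
}

# verify_at ANCHOR EPOCH: succeed if the leaf chains to ANCHOR as the only
# demo root supplied when the clock reads EPOCH (seconds since 1970).
verify_at() {
  openssl verify -attime "$2" -CAfile "$work/$1" "$work/leaf.pem" \
    >/dev/null 2>&1
}

# expires_within ANCHOR SECONDS: succeed if ANCHOR's notAfter falls inside
# the next SECONDS seconds (openssl -checkend exits 1 in that case).
expires_within() {
  ! openssl x509 -checkend "$2" -noout -in "$work/$1" >/dev/null 2>&1
}

make_pki
soon=$(( $(date +%s) + 60 ))          # both anchors still valid
later=$(( $(date +%s) + 2 * 86400 ))  # secondary has expired by then
for anchor in secondary.pem primary.pem; do
  for t in "$soon" "$later"; do
    if verify_at "$anchor" "$t"; then r=trusted; else r=REJECTED; fi
    echo "$anchor at $t: $r"
  done
done
```

Only the `secondary.pem` run at the later time is rejected, which is the case of a trust store that never received the long-lived anchor.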