Action Required: Update Certificate Trust Stores

Forum|Forum|2 years ago
November 15, 2023
8 replies
2 views

Our company received an email that had the subject "Action Required: Update Certificate Trust Stores" Then proceeded to say:

"In keeping up with standard industry practices, Zoom will be updating its current single sign-on (SSO) certificate ahead of its expiration on Tuesday, January 2, 2024. Our new SSO Certificate will be issued from the G2 root. As such, we are reaching out to notify you that you may need to add a new certificate to your trust stores prior to Dec 1st, 2023, to avoid a service disruption.

If you have configured your systems to trust the DigiCert Global Root G2, then no action is required. Please consult your vendor documentation to understand if your device includes/trusts this certificate in its software or firmware. However, if you only include/trust the DigiCert Global Root CA, you will need to install and trust Zoom’s upcoming root certificates on your device operating system and/or firmware by Dec 1st, 2023 to avoid a service disruption. In addition, if you chose to disable the automatic update or if your IDP does not support automatic certificate rotation, action may be required for your account. More details to come. "

However when I try to contact Zoom support I am directed to a 3rd party vendor Lumen website. I have been unable to get a hold of Lumen support regarding this issue. Can anyone tell me how do I check to see if our systems have been configured to trust the DigiCert Global Root G2?

bstrelko

Community Champion | Customer

Do you use the SSO option to log into Zoom?

If your org doesn't use SSO for Zoom authentication, no action should be required. Other IT admins feel free to chime in here with additional info.

H

hamsandwich

Newcomer

We do use SSO to login and it is still unclear what we have to update?

One additional question we have is whether we need to update our Logitech Tap devices? We have found a place to update the certificate on the device but we are unsure.

bstrelko

Community Champion | Customer

Whoever configured SSO for your org will have a better understanding of next steps. A blog post on the Zoom Community forum will not do the complex subject of trusted certificates justice 🙂

No, you will not need to update certificates your Logitech Tap devices. Whether you are using CA or self-signed certs for your Tap controllers/schedulers, these certs are not tied to Zoom, let alone Zoom's SSO.

S

sntanis

Newcomer

We have the same query. We configured our SSO through MS Azure (Entra) - nothing else. so not sure what the next steps would be.

Z

zoom123

Newcomer

Same here. We also use Azure for our SSO. The email says to install the root certificates on your device operating system. Can anyone from Zoom to clarify this?

bstrelko

Community Champion | Customer

There are 2 components here -

1.) Endpoint certificates (most Windows/Mac machines with current a current OS will have the DigiCert Global Root G2 in trusted stores, but this can/should be checked just to be sure).

2.) The IdP you use for SSO

"In addition, if you chose to disable the automatic update or if your IDP does not support automatic certificate rotation, action may be required for your account. More details to come."

I imagine that the overwhelming majority of orgs will not need to take any action if their SSO has been configured or looked at recently and if their fleet of endpoints is either relatively current or managed by a competent IT team.

Either way - very much agreed that the announcement was unclear and put a LOT of people into panic mode. Let's see what "more details to come" means with the deadline so close.