cancel
Showing results for 
Search instead for 
Did you mean: 

Action Required: Update Certificate Trust Stores

bktcoe
Newcomer
Newcomer

Our company received an email that had the subject "Action Required: Update Certificate Trust Stores" Then proceeded to say:
 
"In keeping up with standard industry practices, Zoom will be updating its current single sign-on (SSO) certificate ahead of its expiration on Tuesday, January 2, 2024. Our new SSO Certificate will be issued from the G2 root. As such, we are reaching out to notify you that you may need to add a new certificate to your trust stores prior to Dec 1st, 2023, to avoid a service disruption.

If you have configured your systems to trust the DigiCert Global Root G2, then no action is required. Please consult your vendor documentation to understand if your device includes/trusts this certificate in its software or firmware. However, if you only include/trust the DigiCert Global Root CA, you will need to install and trust Zoom’s upcoming root certificates on your device operating system and/or firmware by Dec 1st, 2023 to avoid a service disruption. In addition, if you chose to disable the automatic update or if your IDP does not support automatic certificate rotation, action may be required for your account. More details to come. "

However when I try to contact Zoom support I am directed to a 3rd party vendor Lumen website. I have been unable to get a hold of Lumen support regarding this issue. Can anyone tell me how do I check to see if our systems have been configured to trust the DigiCert Global Root G2?

11 REPLIES 11

bstrelko
Community Champion | Customer
Community Champion | Customer

Do you use the SSO option to log into Zoom?

bstrelko_0-1700085528615.png

 

If your org doesn't use SSO for Zoom authentication, no action should be required. Other IT admins feel free to chime in here with additional info.

hamsandwich
Newcomer
Newcomer

We do use SSO to login and it is still unclear what we have to update? 

 

One additional question we have is whether we need to update our Logitech Tap devices? We have found a place to update the certificate on the device but we are unsure. 

bstrelko
Community Champion | Customer
Community Champion | Customer

Whoever configured SSO for your org will have a better understanding of next steps. A blog post on the Zoom Community forum will not do the complex subject of trusted certificates justice 🙂

 

No, you will not need to update certificates your Logitech Tap devices. Whether you are using CA or self-signed certs for your Tap controllers/schedulers, these certs are not tied to Zoom, let alone Zoom's SSO.

Our organization also uses SSO for our users to sign-in. Our Windows 10/11 computers all have the new DigiCert Global Root G2 certificate in their Trusted Root Certification Authorities Certificates folder. The expiration date and serial number match what was set in the email. I agree that it's unclear on what is needed. If anyone has more specifics on this, it would be appreciated.

sntanis
Newcomer
Newcomer

We have the same query. We configured our SSO through MS Azure (Entra) - nothing else. so not sure what the next steps would be.

zoom123
Explorer
Explorer

Same here. We also use Azure for our SSO. The email says to install the root certificates on your device operating system. Can anyone from Zoom to clarify this?

bstrelko
Community Champion | Customer
Community Champion | Customer

There are 2 components here -

1.) Endpoint certificates (most Windows/Mac machines with current a current OS will have the DigiCert Global Root G2 in trusted stores, but this can/should be checked just to be sure).

 

 

2.) The IdP you use for SSO

  "In addition, if you chose to disable the automatic update or if your IDP does not support automatic certificate rotation, action may be required for your account. More details to come."

 

I imagine that the overwhelming majority of orgs will not need to take any action if their SSO has been configured or looked at recently and if their fleet of endpoints is either relatively current or managed by a competent IT team.

Either way - very much agreed that the announcement was unclear and put a LOT of people into panic mode. Let's see what "more details to come" means with the deadline so close.

bstrelko
Community Champion | Customer
Community Champion | Customer

Regarding checking endpoints for DigiCert Global Root G2, you can use Keychain Access (built into MacOS):

bstrelko_0-1700198838678.png

 

Or Certificate Manger / MMC (built into Windows):

bstrelko_2-1700199108371.png

 

 

 

hamsandwich
Newcomer
Newcomer

As others have posted our SSO is configured through Google Workspace and is working well.

 

As @bstrelko posted our endpoint machines (Mac laptops) do have the "DigiCert Global Root G2" that Expires: Friday, January 15, 2038.

 

And the devices we have, Logitech Tap, don't need certificate updates correct?

I did add the new cert to one of the Logitech Tap devices but perhaps unneeded.

 

upatrono
Newcomer
Newcomer

Same here, checked couple machines and all of them already have G2 certificate with same fingerprint and expiration date in trusted root folder. 

I'm wondering if anything needs to be done on Azure side....

lcie
Explorer
Explorer

What about Poly CCX 400 phones? Do we have to install the Digicert Global G2 Root Certificate on them?

I guess no action is required because it is provisioned and does not use SSO login.