Zoomtopia is here. Unlock the transformative power of generative AI, helping you connect, collaborate, and Work Happy with AI Companion.
Register nowEmpowering you to increase productivity, improve team effectiveness, and enhance skills.
Learn moreKeep your Zoom app up to date to access the latest features.
Download Center Download the Zoom appDownload hi-res images and animations to elevate your next Zoom meeting.
Browse Backgrounds Zoom Virtual BackgroundsEmpowering you to increase productivity, improve team effectiveness, and enhance skills.
Zoom AI CompanionThe Zoom Community has won the Best Customer Support Community award!
Celebrate with us2023-11-15 12:55 PM
Our company received an email that had the subject "Action Required: Update Certificate Trust Stores" Then proceeded to say:
"In keeping up with standard industry practices, Zoom will be updating its current single sign-on (SSO) certificate ahead of its expiration on Tuesday, January 2, 2024. Our new SSO Certificate will be issued from the G2 root. As such, we are reaching out to notify you that you may need to add a new certificate to your trust stores prior to Dec 1st, 2023, to avoid a service disruption.
If you have configured your systems to trust the DigiCert Global Root G2, then no action is required. Please consult your vendor documentation to understand if your device includes/trusts this certificate in its software or firmware. However, if you only include/trust the DigiCert Global Root CA, you will need to install and trust Zoom’s upcoming root certificates on your device operating system and/or firmware by Dec 1st, 2023 to avoid a service disruption. In addition, if you chose to disable the automatic update or if your IDP does not support automatic certificate rotation, action may be required for your account. More details to come. "
However when I try to contact Zoom support I am directed to a 3rd party vendor Lumen website. I have been unable to get a hold of Lumen support regarding this issue. Can anyone tell me how do I check to see if our systems have been configured to trust the DigiCert Global Root G2?
2023-11-15 02:00 PM - edited 2023-11-15 02:01 PM
Do you use the SSO option to log into Zoom?
If your org doesn't use SSO for Zoom authentication, no action should be required. Other IT admins feel free to chime in here with additional info.
2023-11-15 05:33 PM
We do use SSO to login and it is still unclear what we have to update?
One additional question we have is whether we need to update our Logitech Tap devices? We have found a place to update the certificate on the device but we are unsure.
2023-11-15 07:59 PM - edited 2023-11-15 07:59 PM
Whoever configured SSO for your org will have a better understanding of next steps. A blog post on the Zoom Community forum will not do the complex subject of trusted certificates justice 🙂
No, you will not need to update certificates your Logitech Tap devices. Whether you are using CA or self-signed certs for your Tap controllers/schedulers, these certs are not tied to Zoom, let alone Zoom's SSO.
2023-11-16 07:46 AM
Our organization also uses SSO for our users to sign-in. Our Windows 10/11 computers all have the new DigiCert Global Root G2 certificate in their Trusted Root Certification Authorities Certificates folder. The expiration date and serial number match what was set in the email. I agree that it's unclear on what is needed. If anyone has more specifics on this, it would be appreciated.
2023-11-16 07:59 AM
We have the same query. We configured our SSO through MS Azure (Entra) - nothing else. so not sure what the next steps would be.
2023-11-16 03:43 PM
Same here. We also use Azure for our SSO. The email says to install the root certificates on your device operating system. Can anyone from Zoom to clarify this?
2023-11-16 08:57 PM - edited 2023-11-16 09:00 PM
There are 2 components here -
1.) Endpoint certificates (most Windows/Mac machines with current a current OS will have the DigiCert Global Root G2 in trusted stores, but this can/should be checked just to be sure).
2.) The IdP you use for SSO
"In addition, if you chose to disable the automatic update or if your IDP does not support automatic certificate rotation, action may be required for your account. More details to come."
I imagine that the overwhelming majority of orgs will not need to take any action if their SSO has been configured or looked at recently and if their fleet of endpoints is either relatively current or managed by a competent IT team.
Either way - very much agreed that the announcement was unclear and put a LOT of people into panic mode. Let's see what "more details to come" means with the deadline so close.
2023-11-16 09:30 PM - edited 2023-11-16 09:31 PM
Regarding checking endpoints for DigiCert Global Root G2, you can use Keychain Access (built into MacOS):
Or Certificate Manger / MMC (built into Windows):
2023-11-17 03:12 PM
As others have posted our SSO is configured through Google Workspace and is working well.
As @bstrelko posted our endpoint machines (Mac laptops) do have the "DigiCert Global Root G2" that Expires: Friday, January 15, 2038.
And the devices we have, Logitech Tap, don't need certificate updates correct?
I did add the new cert to one of the Logitech Tap devices but perhaps unneeded.
2023-11-19 04:04 PM
Same here, checked couple machines and all of them already have G2 certificate with same fingerprint and expiration date in trusted root folder.
I'm wondering if anything needs to be done on Azure side....
2023-11-30 05:53 AM - edited 2023-11-30 05:57 AM
What about Poly CCX 400 phones? Do we have to install the Digicert Global G2 Root Certificate on them?
I guess no action is required because it is provisioned and does not use SSO login.