Critical Updates for RSA SecurID Access Components Used with the Cloud Authentication Service

Document created by RSA Product Team Employee on Aug 24, 2018Last modified by Andrea Taylor on Aug 24, 2018
Version 4Show Document
  • View in full screen mode

You must take action before September 1, 2018 to avoid service disruptions.

RSA announces critical updates to multiple RSA SecurID Access components. The root certificates used by the Cloud Authentication Service are changing on September 1 to the “Entrust Root Certification Authority – G2” certificate issued by the Entrust Certificate Authority. The previous certificate issued by Thawte CA will not be valid as of September 1. See below for information about each component.


You must take action before September 1, 2018 to avoid service disruptions.

 

Cloud Authentication Service
The August 2018 release of the Cloud Authentication Service, released on August 18, 2018, includes a critical update for your identity router. This critical update requires that you update your identity router software on or before August 29, 2018 to ensure continued connectivity to the service. For more information, click here.

 

RSA Authentication Agents

  • RSA Authentication Agent for PAM 8.0: To use this authentication agent with the RSA Cloud Authentication Service, you must manually replace the root certificate on the agent. See “Replace the Server Trusted Root CA Certificate” in the RSA Authentication Agent 8.0 for PAM Installation and Configuration Guide for your platform for instructions. Click here to download the new root certificate. If your agent is connected to RSA Authentication Manager then you do not need to upload a new certificate.
  • RSA Authentication Agent for ADFS 2.0: To use this authentication agent with the RSA Cloud Authentication Service, verify that the Windows Certificate Authority contains the Entrust root certificate. If it does not then you must upload a new root certificate. See “Import Trusted Root Certificate” in the RSA Authentication Agent 2.0 for Microsoft AD FS Administrator’s Guide for instructions. Click here to download the new root certificate. If your agent is connected to RSA Authentication Manager then you do not need to upload a new certificate.

 

No other RSA Authentication Agent versions or platforms are impacted.

 

RSA SecurID Authenticate App
Authentication will not be impacted, however, an updated version of RSA SecurID Authenticate will be released for iOS and Android before September 1 that allows users to register a device after the root certificate is changed on the Cloud Authentication Service. RSA recommends that users always use the latest version of the app so they have the latest fixes, features and enhancements.


RSA SecurID Software Token apps are not impacted by this issue.

 

RSA SecurID Authentication API
Ensure that your client supports certificates issued by Entrust, so that it can continue to authenticate with the Cloud Authentication Service after the root certificate update. See “SSL Certificate Requirements” in the RSA SecurID Authentication API Developer’s Guide for information about retrieving the new root certificate from the Cloud Authentication Service.

 

For additional documentation, downloads, and more, visit the RSA SecurID Access page on RSA Link.

 

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.

Attachments

    Outcomes