Ask a Question

Advanced Search

Alert ID : INFO4331

Last Modified : 12/19/2018

Installing the Symantec Private Root CA and Private Intermediate CA certificates for Secure App Service Production Environment

Description

SAS Code-Signing PKI Hierarchy changes for Client Admin certificates

As part of the integration with DigiCert's certificate issuance platforms, we are updating some of our code signing PKI hierarchy on Secure App Service (SAS). We plan to start issuing new code signing certificates for Client Admin certificates on February 21st, 2019. After this date Client Admin new certificates issued will come from a different PKI hierarchy compared to what is in use today.

For more details on this hierarchy update, please see https://knowledge.digicert.com/generalinformation/sas-new-code-signing-pki-hierarchy.html

 

Audience

For Secure App Service (SAS) production environment only.

  • Secure App Service portal users, at both Service Management and Workgroup levels
  • Secure App Service API users
  • Cryptographic Service Provider (CSP) tool users

For information about the pre-production/pilot environment, see Installing the Symantec Private Root CA and Private Intermediate CA certificates for Secure App Service Pilot Environment.

Contents

Why do I need Symantec Private Root CA and Intermediate CA certificates?

As a user of Symantec Secure App Service (SAS), you use a client authentication certificate to login and use most of our services. This client authentication certificate is chained to our Private Intermediate CA for codesigning and our Private Root CA. Your client authentication certificate is not valid unless you also have the corresponding Root and Intermediate CA certificates installed in your browser.

Important! Users who have opted for Two Factor Authentication through Secure App Service APIs and Cryptographic Service Provider (CSP) tool do not need to install these certificates separately. For such users, these certificates are bundled in the P7B file generated during their client certificate pickup process. To learn more about Two Factor Authentication enabled API and CSP tool accounts, see Adopting Two Factor Authentication for Secure App Service.

Where can I find Symantec Private Root CA and Intermediate CA certificates?

The Symantec Private Root CA and Private Intermediate CA certificates are attached to this KB article. Download both the attachments to the device that you would use for accessing Secure App Service.

After you download the attached certificates, install them on your device.

How do I install the Symantec Private Root CA and Intermediate CA certificates?

Secure App Service works on Mozilla Firefox and Microsoft Internet Explorer (versions 10, 11, and later, excluding Edge). You must use one of these browsers to install the Root CA, Intermediate CA, and Client authentication certificates.

Follow the instructions applicable to your browser.

Internet Explorer

To install the Root CA certificate:

  1. Navigate to Tools, Internet Options, Content, Certificates.
  2. Select Trusted Root Certificate Authorities for installing the Root CA certificate.
  3. Click Import, then Next.
  4. Click Browse and navigate to the folder where you downloaded the attached certificates.
  5. Select the Root CA certificate, then click Open.
  6. Click Next, again click Next, then click Finish to complete the installation.
  7. Click OK.

To install the Intermediate CA certificate:

  1. Navigate to Tools, Internet Options, Content, Certificates.
  2. Select Intermediate Certification Authorities for installing the Intermediate CA certificate.
  3. Click Import, then Next.
  4. Click Browse and navigate to the folder where you downloaded the attached certificates.
  5. Select the Intermediate CA certificate, then click Open.
  6. Click Next, again click Next, then click Finish to complete the installation.
  7. Click OK.

You are now ready to pick up your client authentication certificate for accessing Secure App Service.

Firefox

  1. Navigate to Tools, Options, Advanced, Certificates.
  2. Click View Certificates, Authorities. Firefox lets you install both the Root CA and Intermediate CA certificates in the Authorities tab.
  3. Click Import and navigate to the folder where you downloaded the attachments.
  4. Select the Root CA certificate and click Open.
  5. Click OK.
  6. Follow the same process for the Intermediate CA certificate.

Note: For Firefox, you do not need to install both the Root and Intermediate CA certificates. If you directly install the Intermediate CA certificate, Firefox automatically fetches the corresponding Root CA.

You are now ready to pick up your client authentication certificate for accessing Secure App Service.

 

 

Attachments

Pre-February 21st, 2019: Private Root CA Certificate

Pre-January 21st, 2019: Private Intermediate CA Certificate

Post-February 21st, 2019: Private Root CA Certificate

Post-February 21st, 2019: Private Intermediate CA Certificate