Hybrid CMR (aka WeT) Certificate Changes

Dear WebEx/CMR-Hybrid/CMR-Cloud Customer,
To enhance security, on January 20, 2015, Cisco changed to a 4096-bit certificate model
under different root certificate authorities, than used previously.  These certificates
are used to secure traffic to and from the Cloud components and your Edge devices (VCS
Expressway or Expressway-E). This is part of a continuing process to maintain meeting
confidentiality and privacy.
Previously, WebEx had used a certificate that was issued under the Root CA 'DST Root CA
X3' to secure traffic between the customer premises and WebEx.  Your VCS Expressway or
Expressway-E stores the root certificate 'DST Root CA X3' that trusts our previously used
certificates on the WebEx cloud servers. We have revoked this certificate and replaced it
with new certificates that will be issued by up to four different Root authorities. We
need to ensure that your Edge device trusts the new Root certificate authorities in order
support the new WebEx certificates.
Based on customer feedback after our initial Certificate Update Communication sent on
January 9th, 2015, we have subsequently determined that a fourth Certificate for customers
was missing from the communication, and that this additional Certificate is indeed
required. This additional Certificate is listed below as "Root 2." To ensure proper and
private/secure operation of CMR Hybrid/CMR Cloud, customers need to ensure that all four
root certificate authorities below are added to their 'Trusted CA Certificate' list.
Details on how to add CA certificates can be found in the 'Cisco TelePresence VCS
Certificate Creation and Use' Page 13
-http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-
2/Cisco-VCS-Certificate-Creation-and-Use-Deployment-Guide-X8-2.pdf

Current CA's Trusted from WebEx:
   Verisign Certificates:

Full Verisign Root Certificate Package Download:
http://www.symantec.com/content/en/us/enterprise/verisign/roots/roots.zip

   Specific required Verisign Certificates downloaded from below link:

*       Root 2
o       'VeriSign Class 3 Public Primary CA' - http://www.symantec.com/page.jsp?id=roots
*       Root 3
o       'VeriSign Class 3 Primary CA - G5' - http://www.symantec.com/page.jsp?id=roots
*       Root 4
o       'VeriSign Class 3 Public Primary CA - G3' -
http://www.symantec.com/page.jsp?id=roots

   QuoVadis Certificate:

*       QuoVadis Root CA2
o       'QuoVadis Root CA 2' -
https://www.quovadisglobal.com/QVRepository/DownloadRootsAndCRL.aspx

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s