Symantec will begin updating the SSL interception root certificate used by the WSS service later this year. Impact
Existing certificates installed on endpoints and other devices will continue to function normally until September, 2021.
The current certificate expiration date is September 5, 2021. After this date, SSL Interception, SAML authentication, and other services will trigger certificate validation errors on endpoints that still have the current certificate. Required Action
Beginning October 12th, 2020, you can obtain the new WSS Root Certificate from the WSS portal.
To avoid connection issues, upgrade all applicable technologies before September 5th, 2021, including:
• Endpoints without an Agent or pre-7.1 WSS Agent versions
• On-premises devices connected by IPsec or Proxy Forwarding
• Proxy Forwarding connectivity method: you must also add the new certificate to the browser-trusted list on the ProxySG appliance
An upcoming WSS Agent version (7.x) automatically installs the new certificate on endpoints. When you upgrade WSS Agent to that version, no further action is required. Upcoming releases of SEP and SEP-Mobile will also automatically install the new certificate on endpoints.
See the following FAQ for additional details:https://knowledge.broadcom.com/external/article?articleId=200314