Lenovo Replacing Distrusted GeoTrust Certificates With New DigiCert Certificates
Lenovo Replacing Distrusted GeoTrust Certificates With New DigiCert Certificates
Lenovo Replacing Distrusted GeoTrust Certificates With New DigiCert Certificates
Lenovo Security Advisory: LEN-24497
Scope of Impact: Industry-wide. Anyone using a GeoTrust certificate will need to update to DigiCert. Major browsers will stop trusting GeoTrust certificates as early as October.
Summary Description: Many Lenovo sites use PKI certificates issued by the GeoTrust Certificate Authority (CA). Well-documented shortcomings in GeoTrust's processes have led to the industry losing trust in this CA, and thus "distrusting" or disabling GeoTrust certificates. As a result, Lenovo is replacing all GeoTrust certificates with new ones issued by DigiCert. This will happen on September 21, 2018.
Many Lenovo support applications use HTTPS to communicate securely with Lenovo sites and some IBM sites. Each application must be updated to begin trusting the new DigiCert CA and certificates.
Mitigation Strategy for Customers (what you should do to protect yourself): Upgrade to the application version (or newer) for each product described in the Product Impact section below. Note that downlevel applications are not vulnerable because of this — rather the application "Functions Impacted" listed in the table will stop working on the given "Cutover Date".
Product Impact:
Product | Functions Impacted | Cutover Date | Customer Actions |
---|---|---|---|
Lenovo XClarity Administrator | Firmware Download, Lenovo Upload Facility, Warranty Status | 2018-09-21 | Options:
|
Lenovo XClarity Essentials UpdateXpress | Electronic Download | 2018-09-21 | Options:
|
Lenovo XClarity Essentials Bootable Media Creator | Electronic Download | 2018-09-21 | Upgrade to version 11.3.0 https://datacentersupport.lenovo.com/us/en/solutions/lnvo-bomc |
Lenovo XClarity Essentials OneCLI | Electronic Download | 2018-09-21 | Options:
|
Lenovo XClarity Integrator for VMware vCenter | Electronic Download | 2018-09-21 | Upgrade to version 5.4.0 with fixpack 2 https://support.lenovo.com/us/en/solutions/lnvo-vmware |
Lenovo XClarity Integrator System Center Configuration Manager | Electronic Download | 2018-09-21 | Upgrade to version 7.4.0 with fixpack 1 https://support.lenovo.com/us/en/solutions/lnvo-suap |
Lenovo XClarity Integrator System Center Virtual Machine Manager | Electronic Download | 2018-09-21 | Upgrade to version 3.4.0 with fixpack 1 https://support.lenovo.com/us/en/solutions/lnvo-scvmadd |
Integrated Management Module, Integrated Management Module II | Service and Support - Support Center | After 2018-09-21 | Firmware obtained from IBM Fix Central, and Firmware obtained from datacenterspport.lenovo.com code are both available for download. |
Advanced Management Module | Service and Support - Support Center | After 2018-09-20 | Advanced Management Module supporting DigiCert certificate is now available. |
References:
Google "Chrome's Plan to Distrust Symantec Certificates":
https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html
DigiCert "Replace Your Symantec SSL/TLS Certificates"
https://www.digicert.com/replace-your-symantec-ssl-tls-certificates/
DigiCert "Reissue Certificates before Distrust Deadlines":
https://knowledge.digicert.com/alerts/ALERT2562.html
HTTPS in Wikipedia:
https://en.wikipedia.org/wiki/HTTPS
Revision History:
Revision | Date | Description |
---|---|---|
4 | 2018-10-04 | Updated download information for IMM/IMM II and AMM |
3 | 2018-09-20 | Added LXCA download link, updated IMM & IMM II customer actions, added AMM |
2 | 2018-09-10 | Updated IMM2 product and function names. |
1 | 2018-09-06 | Initial release |
For a complete list of all Lenovo Product Security Advisories, click here.
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.
Your feedback helps to improve the overall experience