Lenovo Replacing Distrusted GeoTrust Certificates With New DigiCert Certificates

Lenovo Security Advisory: LEN-24497

Scope of Impact: Industry-wide. Anyone using a GeoTrust certificate will need to update to DigiCert. Major browsers will stop trusting GeoTrust certificates as early as October.

Summary Description: Many Lenovo sites use PKI certificates issued by the GeoTrust Certificate Authority (CA). Well-documented shortcomings in GeoTrust's processes have led to the industry losing trust in this CA, and thus "distrusting" or disabling GeoTrust certificates. As a result, Lenovo is replacing all GeoTrust certificates with new ones issued by DigiCert. This will happen on September 21, 2018.

Many Lenovo support applications use HTTPS to communicate securely with Lenovo sites and some IBM sites. Each application must be updated to begin trusting the new DigiCert CA and certificates.
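To check from a given client which side of the cutover an endpoint is on, the added example below (not Lenovo's code) performs a TLS handshake trusting only a chosen CA bundle, then reports whether the chain validates and which CA family issued the leaf certificate. The function names, the issuer-organization strings and the constructed sample certificates are assumptions made for illustration.

```python
import socket
import ssl


def make_cert(org, cn):
    """Build a constructed sample in the ssl.getpeercert() layout (not a captured cert)."""
    return {"issuer": ((("organizationName", org),), (("commonName", cn),))}


SAMPLE_OLD = make_cert("GeoTrust Inc.", "GeoTrust SSL CA - G3")
SAMPLE_NEW = make_cert("DigiCert Inc", "DigiCert SHA2 Secure Server CA")
# GeoTrust brand name on an intermediate operated by DigiCert.
SAMPLE_BRANDED = make_cert("DigiCert Inc", "GeoTrust RSA CA 2018")


def issuer_fields(cert):
    """Flatten the nested RDN tuples of getpeercert()['issuer'] into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def classify_issuer(cert):
    """Classify by issuer organization (assumed strings), not by common name."""
    org = issuer_fields(cert).get("organizationName", "").lower()
    if "geotrust" in org:
        return "legacy-geotrust"
    if "digicert" in org:
        return "digicert"
    return "other"


def probe(host, cafile=None, port=443, timeout=5.0):
    """Handshake trusting only `cafile` (the system store when None).

    Returns (status, detail); status is 'trusted', 'untrusted' or 'unreachable'.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "trusted", classify_issuer(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # What a client lacking the new root sees once the server cuts over.
        return "untrusted", exc.verify_message
    except OSError as exc:
        return "unreachable", str(exc)


if __name__ == "__main__":
    for cert in (SAMPLE_OLD, SAMPLE_NEW, SAMPLE_BRANDED):
        print(issuer_fields(cert)["commonName"], "->", classify_issuer(cert))
```

Calling `probe` with `cafile` set to the CA bundle an application ships shows whether that application would still validate the endpoint after the certificate replacement.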

Mitigation Strategy for Customers (what you should do to protect yourself): Upgrade to the application version (or newer) for each product described in the Product Impact section below. Note that downlevel applications do not become vulnerable because of this; rather, the application "Functions Impacted" listed in the table will stop working on the given "Cutover Date".

Product Impact:

Product: Lenovo XClarity Administrator
Functions Impacted: Firmware Download, Lenovo Upload Facility, Warranty Status
Cutover Date: 2018-09-21
Customer Actions: Options:
  1. Upgrade to XClarity Administrator 2.1.0
    https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd
  2. Follow instructions at
    https://support.lenovo.com/us/en/solutions/ht506624
    Note: There are different instructions for different functions.

Product: Lenovo XClarity Essentials UpdateXpress
Functions Impacted: Electronic Download
Cutover Date: 2018-09-21
Customer Actions: Options:
  1. Upgrade to version 2.3.0
    https://datacentersupport.lenovo.com/us/en/solutions/lnvo-xpress
  2. Replace the certificate in your current UpdateXpress by following instructions at:
    https://support.lenovo.com/us/en/solutions/HT507149

Product: Lenovo XClarity Essentials Bootable Media Creator
Functions Impacted: Electronic Download
Cutover Date: 2018-09-21
Customer Actions: Upgrade to version 11.3.0
    https://datacentersupport.lenovo.com/us/en/solutions/lnvo-bomc

Product: Lenovo XClarity Essentials OneCLI
Functions Impacted: Electronic Download
Cutover Date: 2018-09-21
Customer Actions: Options:
  1. Upgrade to version 2.3.0
    https://datacentersupport.lenovo.com/us/en/solutions/lnvo-tcli
  2. Replace the certificate in your current OneCLI by following instructions at:
    https://support.lenovo.com/us/en/solutions/HT507149

Product: Lenovo XClarity Integrator for VMware vCenter
Functions Impacted: Electronic Download
Cutover Date: 2018-09-21
Customer Actions: Upgrade to version 5.4.0 with fixpack 2
    https://support.lenovo.com/us/en/solutions/lnvo-vmware

Product: Lenovo XClarity Integrator System Center Configuration Manager
Functions Impacted: Electronic Download
Cutover Date: 2018-09-21
Customer Actions: Upgrade to version 7.4.0 with fixpack 1
    https://support.lenovo.com/us/en/solutions/lnvo-suap

Product: Lenovo XClarity Integrator System Center Virtual Machine Manager
Functions Impacted: Electronic Download
Cutover Date: 2018-09-21
Customer Actions: Upgrade to version 3.4.0 with fixpack 1
    https://support.lenovo.com/us/en/solutions/lnvo-scvmadd

Product: Integrated Management Module, Integrated Management Module II
Functions Impacted: Service and Support - Support Center
Cutover Date: After 2018-09-21
Customer Actions: Firmware obtained from IBM Fix Central, and Firmware obtained from datacentersupport.lenovo.com code are both available for download.

Product: Advanced Management Module
Functions Impacted: Service and Support - Support Center
Cutover Date: After 2018-09-20
Customer Actions: Advanced Management Module supporting DigiCert certificate is now available.

References:

Google "Chrome's Plan to Distrust Symantec Certificates":
https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html

DigiCert "Replace Your Symantec SSL/TLS Certificates":
https://www.digicert.com/replace-your-symantec-ssl-tls-certificates/

DigiCert "Reissue Certificates before Distrust Deadlines":
https://knowledge.digicert.com/alerts/ALERT2562.html

HTTPS in Wikipedia:
https://en.wikipedia.org/wiki/HTTPS

Revision History:

Revision  Date        Description
4         2018-10-04  Updated download information for IMM/IMM II and AMM
3         2018-09-20  Added LXCA download link, updated IMM & IMM II customer actions, added AMM
2         2018-09-10  Updated IMM2 product and function names.
1         2018-09-06  Initial release

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.


Alias Id: LEN-24497
Document ID: PS500182
Original Publish Date: 09/07/2018
Last Modified Date: 10/04/2018