Last year there were some changes to the vPro VeriSign provisioning cert.
This change caused some confusion and a lot of users still have questions about it today!
Prior to May 17th2009, if you were ordering a “Standard SSL” vPro Provisioning certificate from VeriSign, you would get a cert signed by the G1 Root CA (742c3192e607e424eb4549542be1bbc53e6174e2).
The G1 root CA was a valid VeriSign hash in the ME firmware.
You would buy the G1 VeriSign cert and it would match the firmware and everything was fine!
You could also purchase the “Premium SSL Certificate” and you would get a cert signed by the same G1 Root CA (742c3192e607e424eb4549542be1bbc53e6174e2 ), again everything worked fine!
After May 17th, VeriSign made a few changes and the “Standard SSL” vPro Provisioning cert is now being signed with the G2 Root CA (85371ca6e550143dce2803471bde3a09e8f8770f).
The G2 hash was just recently added to our firmware. Here is a table showing the versions and which VeriSign cert they support:
VeriSign G1 Support VeriSign G1+G2 Support
Platform Averill < 2.2.20 2.2.20 + Santa Rosa < 2.6.20 2.6.20 + Weybridge < 3.2.10 3.2.10 + Montevina < 4.2.20 4.2.20 + McCreary < 5.1.10 5.1.10 +
So make sure you have at least this version of Firmware if you are planning on using the “Standard SSL” (G2) vPro Provisioning cert from VeriSign!
Not all OEMs have released the latest version of firmware, and if your OEM does not have the latest “G2” supported firmware released, you can still purchase the “Premium SSL Certificate” which is signed by the G1 Root CA.
Here is a complete list of supported Hashes:
VeriSign Class 3 Public Primary CA – G1
74 2c 31 92 e6 07 e4 24 eb 45 49 54 2b e1 bb c5 3e 61 74 e2
VeriSign Class 3 Public Primary CA – G2 (See the table above)
85 37 1c a6 e5 50 14 3d ce 28 03 47 1b de 3a 09 e8 f8 77 0f
VeriSign Class 3 Public Primary CA – G3
13 2d 0d 45 53 4b 69 97 cd b2 d5 c3 39 e2 55 76 60 9b 5c c6
Go Daddy Class 2 CA
27 96 ba e6 3f 18 01 e2 77 26 1b a0 d7 77 70 02 8f 20 ee e4
Comodo AAA CA
d1 eb 23 a4 6d 17 d6 8f d9 25 64 c2 f1 f1 60 17 64 d8 e3 49
Starfield Class 2 CA
ad 7e 1c 28 b0 64 ef 8f 60 03 40 20 14 c3 d0 e3 37 0e b5 8a
VeriSign has also updated their Knowledgebase:
There are also a few expert center posts from last year that highlight the changes:
Let me know if you have any questions!