Mandatory Migration/Upgrade Required for RSA Authentication Manager/RSA Authenticate App for iOS and Android/RSA Authenticator App for iOS and Android, when connected to ID Plus
10 months ago
Severity
Critical

Introduction

In 2024, Google announced its plan to discontinue support for Entrust Certificate Authority (CA) in Google services (such as Chrome, one of the most widely used web browsers) by October 2025 (Reference: Google Online Security Blog: Sustaining Digital Certificate Security - Entrust Certificate Distrust). RSA used Entrust CA in RSA ID Plus, and in applications such as RSA Authentication Manager, RSA Authenticate app, and RSA Authenticator app. RSA is therefore moving to a new CA, which is already used in ID Plus and in the latest versions of RSA Authentication Manager and RSA Authenticator app.

 

Affected Products

  • Authentication Manager, all versions supporting hybrid use cases connected to RSA ID Plus
    • Authentication Managers not connected to ID Plus are not impacted, but it is always a good practice for organizations to upgrade to the latest version of Authentication Manager to benefit from new features and security updates.
  • RSA Authenticate app for iOS and Android, all versions
  • RSA Authenticator app for iOS and Android, all versions prior to V4.5, when authenticating with cloud-based (RSA ID Plus) credentials
    • Users authenticating only with on-prem (Authentication Manager) based credentials are not impacted, but it is always a good practice for users to upgrade to the latest version of authentication applications to benefit from new features, security updates, and the latest OS qualifications.

No other RSA products are affected.

 

Required Actions

  • Authentication Manager used with ID Plus in Hybrid/High Availability Mode
    Authentication Manager 8.8: No action required. AM 8.8, which was released in April 2025, includes the required new certificates.
    Authentication Manager 8.7 SP2: Install AM 8.7 SP2 Patch 6, which includes the required new certificates.
    Authentication Manager 8.7 SP1: Install AM 8.7 SP1 Patch 3 Hotfix 2. For more details, see Authentication Manager 8.7 SP1 Patch 3 Hotfix 2 Read Me.
    Authentication Manager 8.7: Install AM 8.7 Patch 4 Hotfix 2. For more details, see Authentication Manager 8.7 Patch 4 Hotfix 2 Read Me.
    Authentication Manager 8.6: Install AM 8.6 Patch 4 Hotfix 2. For more details, see Authentication Manager 8.6 Patch 4 Hotfix 2 Read Me.

    Customers using an older/no longer supported version of Authentication Manager in Hybrid/High Availability Mode with ID Plus must upgrade to any of the supported versions listed above before the end of October 2025 to continue using AM with ID Plus.

  • RSA Authenticate app for iOS and Android
    All RSA Authenticate app for iOS and Android users must migrate to the latest RSA Authenticator app (current version 4.5.3) before October 2025. For further information, refer to the following advisory, published on March 27, 2025: Time is Running Out – Users Must Migrate from the Legacy RSA Authenticate App to the Supported RSA Authenticator App by October 2025.

  • RSA Authenticator app for iOS and Android versions earlier than 4.5 with ID Plus
    RSA Authenticator app for iOS and Android prior to V4.5 and authenticating with ID Plus must be upgraded to the latest RSA Authenticator app, currently V4.5.x, before October 2025. On upgrade, all credentials will be migrated seamlessly. Starting from the May 2025 ID Plus release, every time a user authenticates with ID Plus to access a web-based resource using the RSA Authenticator app for iOS and Android with a version earlier than 4.5, they will be presented with the following prompt.

    Note: The prompt will appear when a user authenticates with a web-based resource, such as Salesforce. It will not appear when a user authenticates with an RSA Agent, such as the RSA MFA Agent for Windows or RSA Agent for macOS. Organizations must separately remind users who authenticate with RSA Agents of the need to upgrade.