首頁 > 最新消息 >針對Forcepoint Hybrid agent & Web security cloud 用戶的重要通知！

針對Forcepoint Hybrid agent & Web security cloud 用戶的重要通知！

針對Forcepoint Hybrid agent & Web security cloud 用戶的重要中英文版通知！

Title：Tech Alert: Customer Action Required by 8/1

Product Categories

Web_CloudWeb_Hybrid

Forcepoint will update its Root Certificate Authority (CA) used for SSL decryption on August 1st 2025 8:30AM UTC.
Important: Failure to follow the below steps risk breaking SSL decryption in your deployment.

Note: The following does not apply to Direct Connect F1E deployments. With DCEP,

the https:// web request is direct from the endpoint and is not proxied. Only the disposition

and endpoint configuration details are communicated with the Forcepoint cloud.

See Admin Help Direct Connect (Classic) for additional information.

Customer Required Actions:

Customer admins must download the new Root CA certificate file and install it for their end users

no later than July 31st 2025. Use your preferred distribution method for install.

Prior to the update on August 1st 2025 8:30AM UTC, customers must ensure that all web clients have

both the old and the new certificates installed and trusted in their end-user workstations.

Help / Resources:

New Root CA certificate file can be downloaded from https://pki.forcepoint.net/certs/forcepoint-cloud-ca-2025.crt

or via the Cloud Portal: Navigate to Web > Policy Management > Policies > Web Categories

Knowledge Article Video highlighting How to Download the Forcepoint Root CA Certificate and accompanied

Updating and Testing the Forcepoint Root CA

We are happy to provide test capabilities to ensure your new configuration works correctly.

See related KBA for details. Customers needing additional confirmation, validation or help are encouraged to

reach directly to our Technical Support team via the Customer Hub.

Additional information:

A combined cert (containing both the old, as well as the new cert) was previously made available in the cloud portal on April 7th.

We noticed that some customers faced issues while deploying this combined cert resulting in only the old Root CA being trusted

and SSL decryption not operating properly. We have since updated the cloud portal on July 23rd to only provide the new Root CA cert.

The old Root CA certificate can remain after the switch but having both certificates installed and trusted separately

is critical to ensure there is no adverse impact to your end users.

Forcepoint Hybrid / Cloud Web Customers need to take action to trust the updated Root CA or risk breaking SSL decryption.