The Menlo Cloud Security Platform (MCSP) root certificate managed by Menlo Security, Inc is due to expire on November 9 2025. The new root certificate first became available in February 2025 and must be deployed to client computers before November 9 2025 to allow continuous browsing through the MCSP. We recommend customers ensure the new root certificate is deployed and installed on target client computers by 1st October 2025, to ensure uninterrupted business continuity.
Actions
System administrators should follow these steps for a successful renewal:
- To obtain the new root certificate, refer to KB article Menlo Security Production SSL Inspection Root CA Certificate.
- Deploy the new root certificate to the target client computers using the same method your organization currently employs to distribute other 3rd party root certificates.
- Post deployment, confirm the installation of the root certificate. You can optionally remove the previous root certificate at any point either before or after its expiration on 9th November 2025. Both new and old root certificates can co-exist on the client computer.
Impact on end users:
There are no configuration changes required for end users, they will still be able to browse the internet as usual without any impact from the certification rollout.
Note: For Menlo Security Client (MSC) users, please upgrade to the MSC client version 1.5.0.102 or later which includes the new root certificate.
FAQ
Why is it necessary to roll out the new root certificate?
A new root certificate is needed with a new validity date to ensure availability of the MCSP service. When the current root certificate expires on November 9 2025, the certificate chain verification will fail, leading to service disruption.
As an end user, what do I need to do?
The process is transparent and seamless to the end user, requiring no action on their part.
What browsers are supported by the new root certificate?
Browsers supported by the MCSP will continue to function with the new root certificate.
What operating systems are supported by the new root certificate?
All operating systems supported by the MCSP will continue to function with the new root certificate.
As an administrator, can I leave the current root certificate on target client computers beyond 9th November 2025? Will it cause any problems if I do so?
Having both the existing and new root certificates on the target client computers will not cause issues.
Does the rollout of the new root certificate on the target client computers require a reboot?
A reboot of the target client computer is not required after the new root certificate has been deployed.
Applies to: Cloud
Date Written: August 2025
Comments
0 comments
Please sign in to leave a comment.