FAQ: Everything to know about the move to SHA-2
In accordance with industry standards, effective May 25, 2019, the SHA-1 security certificate will expire, and its successor (SHA-2 certificate) will be required to authenticate devices’ direct communication with the Xerox server. This communication pathway provides the data needed for services and support, including Automated Meter Reads (AMR) and Automated Supply Replenishment (ASR). The list of affected products and more information about this change is available in the Security Bulletin found at www.xerox.com/sha2. The affected machines will require a software upgrade to obtain the SHA-2 certificate, or will need to use a device manager application going forward. Continue reading to find answers to the most frequently asked questions.
- Why is the upgrade to SHA-2 relevant to me?
If you rely on services such as AMR and ASR, your services could be impacted if action is not taken.
- Why is this upgrade happening?
Security is important to Xerox. Authentication must be made using SHA-2 certificates to comply with the latest data transmission security practices.
- How do I know if my machines are affected by this?
If your machine communicates device-direct, and its software is below the minimum SHA-2 compliant level specified in the security bulletin, then it is affected by this upgrade. Run a configuration report from your printer to find its current software level.
- How do I ensure my services are not interrupted?
Perform the recommended software upgrades to obtain the SHA-2 certificate for ongoing device-direct communication, or install a Device Manager.
- How can I determine which communication pathways my device uses for AMR and ASR?
You have a few options. When checking, please note that “Proxy” communication is synonymous with device manager (e.g. XDA), and “direct” indicates device-direct communication.
  - If you have a MySupport Portal account set up, you can view your Communication Method(s) there.
  - Search by serial number using the Device Connectivity Lookup Tool website, at https://app3.support.xerox.com/GRSDeviceData/ and view the Communication Method column.
  - For device-direct: check the communication status on the printer’s web UI. Consult the Xerox online support assistant for product-specific instructions.
  - For device manager: confirm the devices in question are showing up in the list of Printers in your XDA/XDM application.
- Why are some of my Xerox products currently using a SHA-1 certificate?
For many years, Xerox products and software updates have been adopting the SHA-2 certificate. Some machines at their original or early software versions still have the SHA-1 certificate.
- I use a device manager (XDA, XDM, CWW). Am I affected by this?
Device manager communications are not affected by this change. However, if your machine also currently communicates device-direct and is at the SHA-1 certificate level, the device-direct communication will be impacted. The device manager will sustain automated billing and supply replenishment.
- What will happen if I do not upgrade my device software to the SHA-2 level?
You may see a communication failure alert on the machine. Xerox will not receive the meter reads and supply levels via the device-direct pathway. If a device manager (XDA, XDM, CWW) is not being used as a secondary communication method, the automated services such as AMR and ASR will be interrupted.
- Is a service technician needed to upgrade the software and obtain the SHA-2 certificate?
No. The upgrades are all customer-installable. If assistance is required, a Global Digital Support agent can help.
- What should I do if I have many machines that are affected by this?
Consider using a device manager (XDA/XDM) now to immediately prepare for this, and then upgrade the device software packages over time to apply the SHA-2 certificate and allow device-direct to continue, wherever possible. XDA/XDM will work concurrently with your current device-direct connections, and will continue on after the SHA-1 expiration date.
- Why should I upgrade software to continue device-direct, if I’m going to use a device manager?
Continuing device-direct will ensure your printer’s diagnostic data is sent to Xerox, which is useful for troubleshooting.