NOTE: The deadline for the SHA2 certificate upgrade is just over a month away. We are revisiting the blog by guest blogger Christine Lengyel about what you need to do before the May 25th 2019 deadline arrives.
Prepare now for the SHA2 certificate upgrade required for device communications
Effective May 25, 2019, Xerox devices using the SHA-1 (Secure Hash Algorithm) security certificate will not be able to transmit their meter and supply usage data over the device-direct pathway. The replacement and more secure SHA-2 certificate will be required. Action is needed to ensure that your automated meter reads (AMR) and automated supplies replenishment (ASR) are not disrupted.
The list of affected products is available in the Security Bulletin found at www.xerox.com/sha2.
The options for each product family are specified in the bulletin:
- For most products, a customer-installable software upgrade will deliver the SHA-2 certificate and enable device-direct communication to continue.
- All Office products can use Xerox® Device Agent (XDA) and the proxy communication method to support remote services going forward.
To determine if your devices are impacted, review your machines’ current software levels and compare them to the minimum SHA-2 compliant software versions stated in the bulletin. You can find the current software version by printing a configuration report from your devices, or by looking in MySupport Portal.
Please perform the individual software upgrades to obtain the SHA-2 certificate and continue device-direct communication where possible. This communication method is beneficial because it provides a diagnostic payload that is used by our service agents to diagnose problems and arrive at solutions more quickly
Customers with multiple machines impacted by this change may find it efficient to use Xerox® Device Agent (XDA) as a solution. This free application takes approximately 15 minutes to install, and supports up to 2000 machines. It can be setup immediately and will work simultaneously with your current device-direct connections. When SHA-1 expires, machines that have not upgraded to SHA-2 will stop communicating device-direct, but XDA will continue to report the devices’ meter reads and supply replenishment needs. Visit our Remote Services online support assistant for information on how to use the device manager solution.
If you need assistance upgrading your device software or installing Xerox® Device Agent (XDA) your local support center will be able to assist you.
For more information on the connection methods and Remote Services, please consult the Security White Paper.