This week, our Server License users are receiving automatic system messages from their ISL Conference Proxy servers: “Authenticode will expire on 2016-08-20”.
What Server License users should do about this?
There is absolutely no urgency to handle this and it, by all means, will not affect your work nor compromise the security of your system. However, all system administrators who manage the ISL Online Server License in their organisation are recommended to follow the procedure described below in order to solve this issue and remove the automatic system notification about certificate expiry.
Procedure for ISL Online system administrators
1. Log in to your ISL Online Account.
2. Create a new packet to get the new license file.
3. Upload the new license file to your ISL Conference Proxy.
4. Go to the server running ISL Conference Proxy.
5. Open the web administration page: http://localhost:7615/conf.
6. Log in as user admin.
7. Select Online Update and apply all available updates.
8. Restart ISL Conference Proxy.
The story behind the update
Effective from 1st January 2016, Microsoft no longer supports applications signed with a SHA-1 code signing certificate, therefore, ISL Online has been using both SHA-1 and SHA-2 certificates since 4th June 2015 to make the final transition less painful for users. In fact, all ISL Online applications have been double signed with SHA-1 and SHA-2 hash functions since.
As of today, ISL Conference Proxy uses only the more secure SHA-2 certificate, since the obsolete security certificate, SHA-1, has been completely removed. The reason for finally eliminating SHA-1 is its pending expiry scheduled for 20th August 2016.
Does this apply to Hosted Service users as well?
No, absolutely not. ISL Online team has been preparing for this migration for a year now and we can definitely say that we are ready. Our Hosted Service (cloud) users do not need to worry and won’t feel the transition to SHA-2 as all has been tested and works properly.