DXP SHA2 FAQ
Why is Liaison making this change?
As a trusted partner and good Internet citizen committed to strong network security practices, Liaison has been proactively upgrading its customer-facing certificates over the last 18 months to utilize the more secure cryptographic standard (SHA-256) for certificates on its strategic platforms. Certificate authorities (CA) have stopped issuing SHA-1 based certificates after January 1, 2016 and leading technology vendors such as Microsoft and Google will no longer support SHA-1 based certificates after December 31, 2016 or possibly sooner.
When will the SHA-256 based certificates be implemented on the DXP service?
Liaison will begin replacing the SHA-1 certificates with the more secure SHA-256 certificates in the DXP service starting with the UAT environment on March 13th, 2016 (change window is 5AM – 11AM EST). The SHA-256 based certificate is scheduled to be implemented on the DXP production environment on April 26th, 2016 (change window is 5PM – 9PM EST).
Am I impacted by this change?
Customers or trading partners who utilize secure protocols such as AS2, HTTPS, and/or FTPS to access the DXP service will be impacted by this change. In addition, customers or trading partners who use less common services such as RosettaNet, cXML, Inbound Web Service or Proxy Mode Service will also be impacted this change.
If I am a Managed Services customer, will I or my trading partner need to take action?
Yes, DXP users should update/confirm their contact information with the designated Liaison account manager to ensure we have the latest contact information. We also strongly encourage DXP customers forward any communications regarding this change to their trading partners to ensure they are aware of the upcoming change.
Do I need to upgrade/replace my existing AS2 certificate at this time?
Liaison is only replacing its certificate for the DXP service at this time. Existing customers and trading partners that have provided Liaison with their valid certificates for AS2 do not need to upgrade or replace their certificates at this time. Please contact PlatformMigration@liaison.com or +1 866 394 3571 if your current AS2 certificate is expiring or needs to be replaced.
What is the AS2 ID for Liaison’s DXP service?
AS2 IDs are unique for each DXP customer. If you have questions regarding the AS2 ID for Liaison’s DXP service, please contact PlatformMigration@liaison.com or +1 866 394 3571 for additional assistance.
How can I test my application?
We strongly encourage DXP customers and their trading partners utilize the DXP UAT environment (tp.uat.liaison.com and tp.uat.forestexpress.com) starting on March 14th, 2016 to test and confirm there are no issues with accepting the new SHA-256 based certificates.
Have my trading partners been contacted regarding this change?
Liaison sent the initial communications regarding this change to all current DXP users we have on file. Although Liaison tries to diligently maintain our contacts list, we also rely on our current users to provide us with any updates or changes to their contact or account information. We also strongly encourage DXP customers forward any communications regarding this change to their trading partners including InterConnect trading partners to ensure they are aware of the upcoming change. Please note that Liaison will not be able to directly notify InterConnect trading partners of this change as they are not Liaison customers. In addition, if you or your trading partners utilize spam filtering or other email security software, please make sure you allow notification emails from the following email address and domains:
- “liaison.com” and “constantcontact.com”
What if I or my trading partner(s) cannot support SHA-256 certificates?
If you or a trading partner cannot support SHA-256 based certificates, please contact PlatformMigration@Liaison.com to determine alternative options for accessing the DXP service using secure protocols such as AS2, HTTPS and FTPS. Our Support or Services team will work with you or your trading partner directly to determine the best alternative option to continue accessing the DXP service.
Are the source IP addresses changing as a result of this certificate upgrade?
We will continue to use our range of IP addresses: