Change Notification Increased Security for Data Xchange Platform (DXP)
March 2nd, 2016
As a trusted partner and good Internet citizen supporting strong network security practices, Liaison has been proactively upgrading its customer-facing certificates over the last 18 months to utilize the more secure cryptographic standard for certificates on its strategic platforms. It is now time to begin migrating the Data Xchange Platform (DXP) to the new cryptographic standard. To meet the needs and requirements of our customers, Liaison designed the DXP certificate migration timeline to give all customers and their trading partners sufficient time to prepare for this change while maintaining a stable and secure environment.
What is Changing?
Liaison will begin replacing the current SHA-1 based certificates with the more secure SHA-256 based certificates on its DXP service for both secure inbound and outbound communications such as HTTPS, AS2 and FTPS. Certificate authorities (CA) have stopped issuing SHA-1 based certificates after January 1, 2016 and leading technology vendors such as Microsoft and Google will no longer support SHA-1 based certificates after December 31, 2016 or possibly sooner.
When is this Happening?
- DXP UAT (Test) Environment
- Begin March 13th, 2016 5:00 AM EST (GMT-5)
- End March 13th, 2016 11:00 AM EST (GMT-5)
- DXP Production Environment
- Begin April 26th, 2016 5:00 PM EST (GMT-5)*
- End April 26th, 2016 9:00 PM EST (GMT-5)*
What is Affected?
- URLs Affected
- Protocols Affected
- HTTPS Inbound to Liaison
- AS2 Inbound to & Outbound from Liaison
- FTPS Inbound to Liaison (AKA: FTP-ES, FTP-SSL, and FTP Secure)
- Less Common Services
- Inbound Web Service
- Proxy Mode Service
What Do I Need To Do?
NOTE: Users who do not utilize secure protocols to send or receive files on DXP do not need to take any actions to continue using the service.
In order for users to continue accessing the DXP service via secure protocols such as HTTPS, AS2 and FTPS after the certificate change dates above, customers and their trading partners need to confirm their operating systems, middleware and integration applications are capable of accepting SHA-256 based certificates.
Please inform your trading partners of this change by forwarding them this message. In addition, we strongly encourage customers and their trading partners utilize the DXP UAT instance to test and confirm there are no issues with accepting the new SHA-256 based certificates.
The new SHA-256 based certificates for the DXP service can be downloaded from the link below. The new certificates are located in the “New DXP Certificates” section and labeled “DXP UAT Certificates 2016” and “DXP Production Certificates 2016” which will be available starting on March 7th.
If you or your trading partner is not capable of accepting the new SHA-256 based certificates, please contact PlatformMigration@Liaison.com to determine alternative options for accessing the DXP service using secure protocols
For more information:
Please contact PlatformMigration@liaison.com or +1 866 394 3571 if you have additional questions or concerns regarding the DXP migration to SHA-256 based certificates. For answers to frequently asked questions, visit DXP SHA2 FAQ.