Beginning 28th January, we have noticed a problem where older Windows XP computers running the Signagelive client application have had their Global Sign Certificate expire - https://support.globalsign.com/customer/portal/articles/1426272
This certificate enables the Signagelive client to securely connect to the Signagelive Server.
The SSL certificate we provide on our servers is periodically renewed by us, however that certificate is also signed by an Intermediary and Root certificate. In our case this is done by GlobalSign, with certificates that are built into all operating systems. On Microsoft Windows Vista and above, the renewal of these certificates is handled by a background process in the operating system. On Windows XP, this was handled by Microsoft Windows updates.
In cases where Windows updates are switched off which is the case on many Windows XP Embedded computers this update has never occurred. Whilst not a Signagelive software problem, once we have discovered the issue we have tried numerous solutions to resolve this problem for customers that have been affected and have routinely updated our clients since discovering the issue. A summary of the work and updates completed is as follows :
- Purchasing and changing our SSL certificate on our servers to another provider, however on many Windows XP computers our new suppliers DigiCert's root certificate is also not up to date .
- Issuing a hot fix to devices that are connecting to ensure that the root certificate are updated
- Issue a hot fix for manual installation
- Contact all end users likely to be affected by this fault to either talk them through manual installation of the hot fix or remotely install it for them
- We have since discovered that LogMeIn (remote access software) are also affected by this problem - see http://community.logmein.com/t5/Rescue/Expired-Certificates-Cannot-connect-to-customers/m-p/111385#M3258 in this case a physical site visit will be required to install the hot fix.
Users of other remote access software such as Remote Desktop, TeamViewer are not affected by this fault and will be able to remotely update the root certificates.
Details of the hot fix can be found at:
http://www.microsoft.com/en-us/download/details.aspx?id=41084 If you are unable to access the Microsoft site the hot fix is available at via download from Signagelive at https://static.signagelive.com/media/rootsupd.zip In summary, we have attempted everything within our capabilities to try and resolve the Windows SLL certificate expiry issue for affected customers, but for those customers that remain affected, you will need to organise an on-site visit to install the Windows hot-fix on each affected player. We recommend that you download the hot fix prior to visiting the player on a USB stick as you may not be able to do so at the player location. If you require any further advice or any assistance, our support team are available via our live chat facility to assist you to bring your Windows PC players back online with Signagelive.