Why Syspeace uses SHA-2 and important notes for Windows Server 2003 users

As of today, September 2, 2016, we have switched to using a SHA-2 SSL/TLS certificate for this web site, our Syspeace Licenses site used to manage and purchase licenses, as well as our backend server used by the Syspeace application. The SHA-2 hash algorithm is a newer and more robust hash algorithm than SHA-1, as previously used – SHA-1 has been globally deprecated for years, and since the beginning of 2016, no new SHA-1 certificates are issued by trusted Certificate Authorities.

SHA-2 is unsupported in Windows Server 2003 and 2003 R2, leading to the following:

  • Syspeace users on Windows Server 2003 will have to upgrade to a special Windows Server 2003 variant of Syspeace 2.6 that uses a self-signed, privately issued SHA-1 certificate to maintain the current functionality. This version, along with a special information page, has been available for weeks and we have contacted the affected Syspeace users with this information.
  • Access to any of the affected web sites may be restricted from the versions of Internet Explorer compatible with Windows Server 2003. We recommend using an alternative browser like Chrome or Firefox, or a different computer.

For these reasons, the renewal to the new certificate was done at the last moment (our previous certificate expires on September 3, 2016), to give our customers more time to adjust.

Syspeace Windows Server 2003 Support Policy

The current major release of Syspeace (2.x) will continue to be supported on Windows Server 2003 and Windows Server 2003 R2. We may introduce major new releases of Syspeace that will not run or be supported on Windows Server 2003 and Windows Server 2003 R2.

Microsoft’s extended support for Windows Server 2003 and Windows Server 2003 R2 ended on July 14, 2015. Our recommendation is that you, if possible, run a version of Windows Server currently supported by Microsoft and install all critical security fixes.

Syspeace, SHA-2 certificates and Windows Server 2003

Recently, the SSL certificate used for, the Syspeace Licenses site as well as backend Syspeace services was reissued with a signature using the SHA-2 hash algorithm.

The SHA-2 hash algorithm replaces the earlier, deprecated SHA-1 and moving forward is recommended by the CA Security Council.

However, some users on Windows Server 2003 have seen issues using the new certificates, due to Windows Server 2003 as shipped not being able to work with SHA-2 certificates. For this reason, we are reissuing our SSL certificate, now again using the SHA-1 hash algorithm.

We intend to once again move to SHA-2 when it is feasible to do so.