[SOLVED] Action required: Changes in Java affecting the operation of FirstSpirit

dleinich
Occasional Collector
0 0 987

Update 2017-03-31: FirstSpirit 5.2R7 and above are signed with new certificates and are not affected by the issue described here. Further re-signed versions can be found below.

---

Oracle plans to disable support for SHA-1 certificates in Java 8, Java 7 and Java 6 starting in April 2017. Both the FirstSpirit server and FirstSpirit clients use certificates signed with SHA-1 in its certificate chain. This change will thus prevent the FirstSpirit server, FirstSpirit SiteArchitect and FirstSpirit ServerManager from starting and running if one of the new JDKs/JREs is installed.

We will address this change by providing re-signed versions of the software not using certificates signed with SHA-1. The following versions have already been re-signed and are available for download. To download the re-signed versions, please follow the download links below. You need a personal login to access the download folder. Please contact our Technical Support if you do not have a personal login.

Course of action

To prevent your FirstSpirit installation from being affected by the change announced by Oracle please follow one of the two paths outlined below.

1) Update FirstSpirit (Recommended)

Download the re-signed version of the FirstSpirit version you are currently using from one of the links above and update your FirstSpirit installation. The re-signed versions are not affected by the change Oracle plans to introduce.

Please update to a re-signed version the same way you normally perform updates. If you are updating your existing, SHA-1 signed, version to the same re-signed version (i.e. 5.2.611 to 5.2.611), please remove the version.txt files from your preview servers to enforce an update of the web applications. If you have any questions about the process, please do not hesitate to contact the Technical Support team.


If you are using a FirstSpirit version not yet re-signed - and thus not generally supported anymore -, we strongly advise updating your installation to a supported version. If you are not able to update to a supported version in time, please contact our Technical Support team for an approach tailored to your specific situation.

2) Refrain from updating Java (Not recommended)

If it is not possible to follow the first path described above, please consider the following workaround. We explicitly do not recommend this approach as Java updates contain security patches that may be vital to the security of your infrastructure.


Do not update your JDK and/or JRE to a version containing the change mentioned above but stay on an older version. When using the FirstSpirit Launcher you can make sure that only supported Java versions are rolled out to the client. To learn more about the FirstSpirit Launcher, please refer to the Manual for Administrators.

Further information

You can find further information about this topic on the following sites:


If you have any questions regarding this matter, please contact our Technical Support team who will provide answers and help keeping your FirstSpirit system secure to our best knowledge.