HENNGE Access Control Service will be updated with a new server certificate on 2020 Jan.
A part of the current users and customers may be affected as a result of this service update.
In order to prevent the impact of the possible risks happening, the following operation is required to be done before 12 Jan 2020.
The server-side certificate will only affect part of the customers. The following procedures outline how to check if your server will be affected by this service update and how to proceed if you are affected by this update. Please perform the procedures before the outlined date above.
2. Affected Customers
Server-side certificate update may cause incompatibility with your server if all of the following conditions are satisfied.
Please check if your current conditions met all of the following.
- Your company is using the HENNGE Access Control service.
- The users on HENNGE Access Control is synchronized with external services (such as Access Control, Microsoft 365).
- The user synchronization tool located in the server includes the HENNGE Directory Sync Tool as well.
If all of the above conditions are met, please follow the details in this article for reference.
How to check if HENNGE Directory Sync Tool requires Certificate Update
3. Required Operations for Server Update
For servers having HENNGE Directory Sync Tool installed, the certificate provided by Amazon is required to be installed on the server.
The certificate that is needed to be installed by the effected server is provided by Amazon.
In order to install the server certificate, the Admin permission is required on the server machine. Server does not have to be restarted after the installation.
For the detailed procedures on the operation, please refer to the article below.
HENNGE Directory Sync Tool Server Certificate Update Procedures
4. For Servers that Don't Perform the Required Update
For servers that don't perform the necessary updates accordingly to the update occurring on HENNGE Access Control service, User and Password information will not be able to be synchronized with the HENNGE Access Control Cloud.
Actual Results may depend on the customer's usage accordingly, but an example like the one outlined below could be possible.
- The User Information and Password Information changed on the Active Directory will not be updated to HENNGE Access Control.
- The User Information changed on HENNGE Access Control will not be updated to Microsoft 365 (Azure AD)
This update is planned to be taken place in the end of Jan 2020. Please ensure that you have done the required procedure before Jan 12 2020.
5. Detailed Technical Information
In order for Active Directory (AD) server to communicate with HENNGE Access Control securely, the communication message is encrypted via TLS protocol.
This kind of information encryption requires that the AD server to possess the same certificate to encrypt a message that HENNGE Access Control could decrypt.
The [ 1. Background ] paragraph outlined that the HENNGE Access Control service will update the server-side certificate on Jan 2020.
The Server-side certificate used for communicate encryption will be changed accompanying this update of the HENNGE Access Control.
Therefore, if the same certificate is not installed on the Active Directory Server when the HENNGE Access Control server certificate is updated, the communication protocol will be dysfunctional.
The above procedure is not only required for the Active Directory that has HENNGE Directory Sync Tool installed, but also for client side PC that are used by normal users.
The certificate is "Amazon Root CA 1" certificate provided by Amazon.
Amazon Root CA 1 Certificate is not only used by the HENNGE Access Control service, but also many websites across different web services.
Therefore, most client devices such as Windows PC, Mac PC, iPhone or Android should already have the certificate installed by default.
However, most Active Directory Servers possessed by companies that have HENNGE Directory Sync Tool installed, may not have the certificate installed because these Servers only have the minimum required functionality.
Therefore, it is safe to check ahead of time whether the server that has HENNGE Directory Sync Tool installed already have the "Amazon Root CA 1" certificate installed or now.
6. Support Contact
We have opened special support window for issues regarding the HENNGE Directory Sync Tool updates.
Please utilize the following links to contact our support.