Surface Book pre-orders sold out at Microsoft’s online store

If you were still thinking about placing an order for a new Microsoft Surface Book, then you will have to look somewhere other than the Microsoft store.

While there doesn’t seem to be a massive supply issue with the new Apple iPhone 6s smartphone, in the past we have seen Apple products sell out quickly and deliveries move from days, to weeks, to months. It seems that Microsoft’s new Surface Book may be generating more interest than planned.

Last night I went to the online Microsoft Store to place an order for a base model Surface Book. I found that the only available status when choosing that model was, “Email me when available.” I jumped through the other four models and discovered the same thing. It seems Microsoft is sold out of pre-order stock for all models at its online store.

We reached out to Microsoft to try to find out more about stock status and when buyers could expect to place pre-orders. I also asked if there will be units in Microsoft retail stores on launch day, 26 October. Given that units are sold out online, we may even see people queue up for possible stock in stores.

A Microsoft spokesperson provided the following statement, “We’ve seen strong demand for Surface Book and have sold out of pre-order supply for October 26 availability. We will have limited quantities of Surface Book available in store on October 26 and will be updating online availability with new product ship dates soon.”

UPDATE: Microsoft updated its store and is now allowing customers to pre-order the five Surface Book variations. What you will find instead of an “Email me when available” button is updated delivery expectations, ranging from five to six weeks for three models and seven to eight weeks for two models.

While I was disappointed that I couldn’t purchase a Surface Book through Microsoft directly, I found that Best Buy and Amazon will also be selling this new computer. Best Buy did not appear to be taking pre-orders, but I was able to purchase the Intel Core i5, 8GB, 128GB model from Amazon for $1,499.

The Amazon website does not appear to carry the 256GB i5 without dGPU or 256GB i7 models. The 256GB i5 with dGPU looks to be the only other model available for pre-order. The 512GB i7 model is on the site as an option, but redirects you to the Microsoft Store for purchase and it’s not available there.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

Surface Pro 4 and Surface Book race ahead of iPad Pro and Pixel C at the high end

Microsoft gave its high-end Surface a leap forward on Tuesday with the unveiling of the Surface Pro 4 and the surprise launch of the Surface Book, the company’s first laptop.

Microsoft’s love affair with hardware just got more intense. If there were any doubts about the software juggernaut staying in the devices game, they were erased on Tuesday with one of the biggest and broadest hardware announcements in the company’s history.

Microsoft showed off a fleet of new and freshly updated Windows 10-powered devices in New York. The stars of the show were the Surface Pro 4 and the new Surface Book laptop, which were potent answers to Apple’s recently unveiled iPad Pro and Google’s newly announced Pixel C.

According to Microsoft Devices lead engineer Panos Panay there are nearly 110 million devices running Windows 10. Most of the products Microsoft unveiled at Tuesday’s press event were intended to show how important mobile hardware and software integration with Windows 10 is to the company.

The event’s biggest surprise, the Surface Book, and the new Surface Pro 4 are powerful machines, and both aim to connect with both enterprise users and creative professionals. They succeed big time in the specs department. In terms of usability and adoption, we’ll know more after both are released on October 26.

The Surface Book is Microsoft’s first laptop, and it’s a fiery, ambitious device. The specs are decked, particularly given that the price is comparable to a Macbook Pro. The Surface Book starts at $1499, and comes with a full Intel Core i5 or i7 processor, 1TB of storage, 16GB RAM, and a GPU designed for gaming and multimedia editing by the Xbox team. Additionally, the 13.5-inch screen (3000 x 2000 resolution) can detach to become a stand-alone tablet.

The Surface Pro 4 tablet runs Windows 10 and, like its predecessors, can serve as a full-fledged laptop replacement. The Surface Pro 4 is, as expected, somewhat thinner and 30 percent faster than the previous model. It has 16GB of RAM, and comes with up to a terabyte of storage, and a 12.3-inch screen (2736 x 1824 resolution). Microsoft cloud and productivity apps Cortana, Windows Hello, Microsoft Office, and OneDrive are deeply integrated. The Surface Pro 4 starts at $899.

When the Surface debuted in 2012 running Windows 8, the tablet seemed like an awkward, out-of-place device. Today, the Surface Pro has been owning and innovating in the high-end tablet space. It’s become a favorite of design professionals, IT administrators, and others who want a productivity tablet.

Arguably, the success of the Surface Pro helped pull Apple and Google into the high-end professional tablet market. Google’s comparable new Pixel C is similarly powerful, features a keyboard cover, and is deeply tied to the Google cloud ecosystem. Yet, Google’s device does not feel as durable as the Surface Pro 4, and Office is still often an essential tool for business users looking for a full laptop replacement.

Apple’s iPad Pro is a powerful professional and creative tool. Apple’s high-end tablet is larger and slightly more expensive than the Surface Pro 4. Microsoft is banking that the integration of Windows 10 and universal apps will help the Surface stand on par with the iPad Pro.

Microsoft’s attention to detail with peripheral devices like the Type Pro cover and the Surface Pen stylus may lend them a slight edge in the professional tablet market. The new Surface Pro Type Cover, notable for its “precision glass trackpad” is a significant refinement over the previous generation. The cover still costs 130 dollars, but is lighter, more responsive, and features more space between the keys than the previous version.

Microsoft has worked hard to make the stylus seem useful and cool. The new Surface Pen is intended to feel like writing on paper. The stylus features a tip with 1,024 points of pressure sensitivity, an eraser (yes, an eraser!), year-long battery life, and comes in five colors. When not in use the pen is held snugly to the top of the tablet by magnets. Microsoft took great care to display the tablet tilted in portrait mode like a clipboard, with a pen resting on top. The company emphasized the tablet itself “just fades into the background” when used by office workers, doctors, architects, and musicians.

As with the Surface Pro 4 and Surface Book, the new Lumia 950 and 950 XL phones are powered by Windows 10, with special consideration to mobile productivity. The devices measure at 5.2 and 5.7 inches respectively, and feature an upgraded camera with a dedicated shutter release button.

The most unique and innovative announcement from Microsoft may have been the Display Dock. Intended to maximize workplace flexibility, and uncouple the enterprise user from the constraints of a laptop, the Microsoft Display Dock was initially announced at last spring’s Build conference as the Continuum docking station. The Display Dock is a small, square device that connects to any compatible Windows 10 mobile device like the Lumia 950 using three USB Type-3 ports, a DisplayPort and HDMI. When connected to a monitor using Display Dock, the phone will present a traditional Windows home screen, complete with the familiar Start button and icon tray. Though not as robust as a true desktop PC, the experience resembles desktop Windows and is able to manage productivity tasks like mail and messaging, document creation and sharing, and web browsing.

Windows 10 is at the core of the new Microsoft device environment. The company also announced updates to the Windows 10 universal app ecosystem, and a launch partnership with Facebook to expand the core Facebook, Messenger, and Instagram applications.

CEO Satya Nadella closed the event by stressing the importance of Windows 10 as a unified platform. Every device Microsoft released on Tuesday is a step towards fulfilling that vision. As impressive as the devices were, the biggest thing standing in their way perhaps is the stability of Windows 10.

Windows Server 2003: Dangerous to use but still surprisingly popular

One in 10 web-facing computers is still running Microsoft Windows Server 2003, according to a report – despite the OS no longer being patched by Microsoft.

Hundreds of thousands of computers are still using the Windows Server 2003 operating system – despite it no longer being patched against hacks.

Internet services found more than 600,000 web-facing computers, together hosting millions of websites, still running the OS that Microsoft ceased supporting in July this year.

The end of support means the OS no longer receives patches against viruses, spyware and other malware that might seek to exploit the system. The US Computer Emergency Readiness Team warns that those running Windows Server 2003 risk “loss of confidentiality, integrity, and or availability of data, system resources and business assets”.

Despite these risks, 175 million websites – what it terms “one-fifth of the internet” – are hosted on machines running Windows Server 2003. The OS also appears to be in use on computers sitting behind web servers for a further 1.7 million sites.

Together accounting for 55 percent, the US and China are home to the bulk of the machines running Windows Server 2003, with 166,000 in the US and 169,000 in China.

The unsupported nature of Windows Server 2003 makes it a tempting target for attackers – which is why it is important for firms to switch away from the OS as soon as possible.

“As time goes by, there will be some vulnerabilities that affect Windows Server 2003 and if those allow things like remote code execution and so on, we’re likely to see a massive number of web-facing computers and a much larger number of websites getting hacked. These could then go on to distribute malware and even be made into botnets to enable other attacks.

“Of course, because Windows Server 2003 is now unsupported, those people who try to find vulnerabilities might even now be particularly focusing on this platform because they know it won’t be fixed.”

Windows Server 2012 R2 is the most recent version of Microsoft’s server-targeted operating system – with a variety of options for licensing. In part, the cost of moving to a more recent Microsoft OS for the proportion of machines still running Windows Server 2003.

“[That proportion] is over 10 percent of all web-facing computers, and shows the true potential cost of migration,” the report states.

Moving a server to a Linux-based OS can be difficult for organisations that have traditionally used Windows Server, Mutton said, particularly if they rely heavily on scripts written for ASP.NET, Microsoft’s server-side web application framework.

The report lists several major firms and banks still running Windows Server 2003 machines, including UK bank NatWest, part of the larger publicly-owned Royal Bank of Scotland (RBS).

However, while Microsoft is no longer supporting the OS for most users, it will offer fixes for the OS to organisations willing to pay for a custom-support deal.

Such a deal was recently struck by the US Navy, which agreed to pay at least $9m to Microsoft to provide ongoing support for Windows XP, Office 2003, Exchange 2003 and Server 2003. A spokesman for RBS said NatWest is also covered by a custom support deal with Microsoft that began in March this year.

Firms without such a custom support deal in place that use Windows Server 2003 to serve sites that handle financial information could be in breach of data security standards, which carries out security testing and assessments for companies.

The requirement under Payment Card Industry Data Security Standard (PCI DSS) 6.2 that “all system components and software to be protected from known vulnerabilities by installing vendor-supplied

“Many merchants still using Windows Server 2003 are likely to be noncompliant and could face fines, increased transaction fees, reputational damage, or other potentially disastrous penalties such as cancelled accounts.”

Microsoft advises several options for machines still running Windows Server 2003 – including switching to Windows Server 2012 R2 or its cloud platform Microsoft Azure. It provides an interactive Windows Server 2003 Migration Planning Assistant.

How to upgrade to Windows 10: A step-by-step walkthrough

Windows 10 is now available as a free update. Here is what you can expect when you say “yes” to the update.

Here’s a step-by-step walkthrough of the upgrade process while upgrading a Windows 8 machine to Windows 10.

Launch Windows 10 upgrade through Windows Update

Look for the Update screen in Windows 8 and click the Check for Updates link. When the check is over, you will see the screen shown in Figure A.

Figure A

As you can see, it is a 2699.0 MB download. Click the Get Started button and then the screen shown in Figure B will appear.

Figure B

You may be able to get Windows 10 via a free update, but it still requires that you agree to a license/user agreement.

The next screen (Figure C) is very important. Updating takes about 2 hours depending upon the machine. If you cannot afford to be off your computer for that long, it may be a good idea to schedule a time when you can.

Figure C

Installation process

After you start the update process, your PC will immediately restart. From that point on you will just have to wait for the update to finish. During the update the screen goes blank for over an hour, so please don’t panic and turn off your PC during this seeming lack of activity.

Your PC may also restart several times during the update, but eventually you will reach a screen that asks if you want to do an Express Configuration or a Custom Configuration. Express configuration will be the best choice for most people.

Note that the update does take a bit of bandwidth, so it might be more efficient to update one PC at a time.

When the entire update procedure is complete, you will be presented with the Windows 10 desktop or tablet interface depending on your device as you can see in Figure D.

Figure D

There are new versions of OneDrive and the Snipping Tool in Windows 10. Of course, there is also the new web browser, Microsoft Edge, too.

Get Windows 10 without using Windows Update

If you would like to get Windows 10 without going through the update process, for a clean install for example, then you will have to download the Windows 10 ISO file.

If you have a Windows Vista or Windows XP PC you would like to update, you have to purchase Windows 10. Windows 10 Home will cost you $119, while Windows 10 Pro will cost $199.

As of July 29, 2015, most new devices will be available with either Windows 10 or Windows 8.1, which can be upgraded to Windows 10 for free. If your PC is more than a few years old, it might make more sense to spend money on a new device rather than to update an old one.

Windows 10 & network share access denied – Solution

Network Share access denial is another issue that users are facing with Windows 10.

After a recent upgrade to Windows 10, network shares on the Windows machines in your environment may suddenly no longer be accessible.

Here is the tutorial that solves the issue.

Problem

This is what you see when you try to go to any \\something network share:

\\something is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The account is not authorized to log in from this station.

Some changes in the Windows 10 internals result in the access denial. The new build does not allow anonymous (guest) access to shares by default, as a security measure. It can be resolved by creating a new registry value in the right hive and rebooting.

Solution

Fire up the registry editor (regedit). Navigate to:

[Screenshot: Registry editor]

Here, you will need to create a new parameter (32-bit DWORD). Right-click:

[Screenshot: Parameter]

Then, name it AllowInsecureGuestAuth and assign it a value of 1.

[Screenshot: DWORD]

The hive should look thusly:

[Screenshot: Registry Editor]

And you’re done. Reboot, and enjoy your network access.
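
To see which machines already have this setting turned on, and which servers a client has been refusing to reach as guest, an audit along these lines can be run in PowerShell. It is an added example, not part of the original tutorial: the two registry paths (the tutorial's screenshot of the path did not survive), the "Enable insecure guest logons" policy key and SMB client event ID 31017 are assumptions based on standard Windows behaviour, and the function names are hypothetical.

```powershell
# Added example (not from the original tutorial): report whether insecure SMB
# guest logons are enabled on this Windows client, and list recent guest
# logons that the SMB client rejected.

# Assumed locations of the AllowInsecureGuestAuth value: the per-machine
# LanmanWorkstation parameters key, and the key written by the
# "Enable insecure guest logons" Group Policy setting.
$GuestAuthLocations = @(
    [pscustomobject]@{
        Source = 'Local setting'
        Path   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
    }
    [pscustomobject]@{
        Source = 'Group Policy'
        Path   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation'
    }
)

function Get-InsecureGuestAuthState {
    # Hypothetical helper: returns one result object per registry location.
    foreach ($location in $GuestAuthLocations) {
        $value = $null
        if (Test-Path -Path $location.Path) {
            $item = Get-ItemProperty -Path $location.Path `
                -Name 'AllowInsecureGuestAuth' -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.AllowInsecureGuestAuth }
        }
        [pscustomobject]@{
            Source             = $location.Source
            Path               = $location.Path
            Configured         = ($null -ne $value)
            GuestLogonsEnabled = ($value -eq 1)
        }
    }
}

function Get-RejectedGuestLogon {
    # Assumption: the SMB client records "Rejected an insecure guest logon"
    # as event 31017 in the Microsoft-Windows-SmbClient/Security log.
    param([int]$MaxEvents = 20)

    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-SmbClient/Security'
        Id      = 31017
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

Get-InsecureGuestAuthState | Format-Table -AutoSize
Get-RejectedGuestLogon | Format-List
```

A row with GuestLogonsEnabled set to True means the client accepts unauthenticated guest sessions; the rejected-logon events name the servers that would otherwise need proper accounts.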

Save Big on Toner!

TECHIEDEPOT.COM

Your #1 Source for the Best Printer Ink Cartridges

Looking to save on toner? Save up to 35% when you order Re-manufactured Toner Cartridges with TECHIE DEPOT. Our toner cartridges are intelligently re-engineered and environmentally friendly. We offer a 3 year 100% warranty whereas most OEMs only offer a 1 year warranty.

We guarantee our products will perform better than any other aftermarket imaging product. Rest assured you never have to worry about leaking cartridges because of our Patented Ultrasonic and Gasket Seal Technologies. Our Secondary Cleaning System also eliminates streaking. Our toner cartridges are ISO Certified for OEM page yield and quality. With our Extended Yield Cartridges you will get up to 100% more yield.

You will find that we are different because not everyone is as committed to quality as we are, and our product is better built and more consistent. Our cartridges have a documented 99.2% success rate and for 7 consecutive years we were awarded the best quality supplier in the aftermarket by Recharger Magazine.

Pay less for great quality, we are sure you won’t be disappointed with our product.  Contact us and place your order today!

Pro tip: Sort table data in a Word document

Sorting data in a Word document isn’t something you routinely do. On the other hand, presenting list and table data is, so the potential exists that one day you’ll want to sort something. The good news is that it’s easy to sort data in a table or a list. In this article, I’ll show you how to do just that. We’ll work through a few simple sorting examples. You can use most any table, or you can download the example .docx or .doc file.

Behind the scenes

Word relies on paragraphs when sorting, which seems a bit odd within the context of a table (or list). The paragraph formatting mark determines where one paragraph ends and the next starts. As you can see in Figure A, there’s no paragraph mark in a table. The end-of-cell markers denote the end of each cell’s content. The similar marker at the end of each row (outside the right border) is an end-of-row marker. These markers also contain cell and row formatting. When sorting a table, Word relies on the end-of-row marker to identify where one row ends and the next begins, the same way the paragraph mark does. (To see a document’s formatting symbols, click Show/Hide in the Paragraph group on the Home tab.)

Figure A

Table end-of-row markers are similar to paragraph markers.

Sort by the first column

We’ll start with the simplest sort possible; we’ll sort a table by the values in the first column. To do so, select the table by clicking its move handle (the small square in the top-left corner). If you don’t see this handle, check the view. It’s available only in Print Layout and Web Layout. With the entire table selected, do the following:

  1. Click the contextual Layout tab. In the Data group, click Sort — or click Sort in the Paragraph group on the Home tab. In Word 2003, choose Sort from the Table menu.
  2. The resulting dialog does a good job of anticipating the sort. Notice that the Header Row option (at the bottom) is selected. As a result, the Sort By field is set to Species — the label in the first column’s header (Figure B).
    Figure B

  3. This is exactly what we want, so click OK. Figure C shows the sorted table.
    Figure C

Before we move on, let’s discuss the Type and Using options to the right. We didn’t need to change either, but sometimes you will. The Type options are Text, Number, and Date. Word usually defaults to the appropriate data type. You can force a specific type by choosing a different option other than the one Word assumes (but you’ll rarely have reason to do so). The Using options defaults to Paragraph — we talked about that earlier.

Sort by the second column

That first exercise was easy. Let’s complicate things a bit by sorting by the second column. Fortunately, it’s just as easy as the first. Repeat steps 1 and 2 from the first exercise. Then, do the following:

  1. In the resulting dialog, click the Sort By drop-down.
  2. Choose Common Name, the header label for the second column.
  3. Click OK. Figure D shows the results of sorting by the second column.
    Figure D

That wasn’t any more difficult than the first sort. Tell Word which column contains the values you want to sort by and click OK — that’s it!

Sort by multiple columns

With only two sort tasks under your belt, you’re beginning to see how simple the sorting process in Word can be. Let’s complicate things a bit so you can see how flexible this feature truly is. Let’s sort by the Class column and then sort the bird and mammal groups in a secondary sort. Repeat steps 1 and 2 from the first two exercises. Then, do the following:

  1. To sort by the Class, choose Class from the Sort By drop-down.
  2. To further sort each class group, click Common Name from the Then by drop-down (Figure E). You could add a third column to the sort if the results warranted the additional grouping.
    Figure E

  3. Click OK to see the results shown in Figure F.
    Figure F

What about lists?

You might be wondering how to sort the same data in list form. Word handles the list sort the same way — the exact same way. Highlight the list and click Sort in the Paragraph group on the Home tab. In the resulting dialog, check the header option and set appropriately (if necessary). Then, determine the sort order by choosing the fields (columns), appropriately. Figure G shows the result of sorting the same data in list form.

Figure G

Sort a columnar list the same way you sort a table.

 

South Jersey Techies A High Quality VOIP Provider

South Jersey Techies is a high quality VOIP provider.

Our VOIP Solutions let you combine voice and data into a single, easy to manage service and help you focus on your business, not your network and phone systems.

You can control how your calls are routed from a simple, web based portal accessible from any browser in the world. Use the Find-me/Follow-me feature to make sure you never miss another important call, no matter where you are. With this premium level feature, you get to decide which business calls get through to you at your desk, your cell phone or even at home if you like. You also get to decide which callers go directly to voice mail without even ringing your line.

South Jersey Techies offers a wide range of VOIP Phone Services.  We also offer cheaper, simpler plans that include both local and nationwide long distance calling.

With our hosted VoIP solution there is no expensive PBX equipment in your office to go down, fail or get damaged during a storm. Only your IP phone handsets reside in your office, and those can be easily taken out and moved at any time.

Go VOIP – Go Green – it has a good ring to it don’t you think

South Jersey Techies VoIP systems are more energy efficient and help reduce the need for work related travel and car usage.  Our VOIP Solutions also help reduce paper usage. A great example of this is the fax to e-mail system enabling your company to save on paper usage as the fax no longer has to be printed out, and this applies to both incoming and outgoing faxes.

South Jersey Techies VOIP Advantages:

  • Lower Costs: Save money by combining your phone and data networks
  • Greater Functionality
  • Less maintenance
  • Excellent Voice Clarity and Call quality
  • Free calling features with optional advanced features
  • Mobility: The ability to use your smartphone as an extension of the office phone system, including the ability to have business calls automatically directed to your cell phone and make outbound calls from your smartphone as your office number.
  • Portability: The ability to use any computer or office phone as your personal extension.
  • Flexibility: The ability to redesign your phone system on the fly by simply logging into your VoIP provider’s dashboard.

For more information please visit our websites below. We look forward to serving you:

http://southjerseytechies.net/voip.php

http://www.sjtechies.com/voip-phone-services/

Set Up Microsoft Exchange E-Mail on iPhone

Set Up Microsoft Exchange E-Mail on an Apple iPhone, iPad, or iPod Touch

You can set up Exchange e-mail on an Apple iPhone, iPad, or iPod Touch. When you set up an Exchange account on your device, you’ll be able to access and synchronize your e-mail, calendar, and contacts. If you have a different device, or if you want to connect using POP or IMAP.

How do I set up Microsoft Exchange e-mail on an Apple iPhone, iPad, or iPod Touch?


  1. Tap Settings > Mail, Contacts, Calendars > Add Account.
  2. Tap Microsoft Exchange.
  3. You don’t need to enter anything in the Domain box. Enter the information requested in the Email, Username, and Password boxes. You need to enter your full e-mail address in the Email and Username boxes (for example, tony@contoso.com).
  4. Tap Next on the upper-right corner of the screen. Your iPhone will try to find the settings it needs to set up your account. Go to step 7 if your iPhone finds your settings.
  5. If your iPhone can’t find your settings, you’ll need to manually look up your Exchange ActiveSync server name. For instructions for how to determine your Exchange ActiveSync server name, see the Finding My Server Name section below.
  6. In the Server box, enter your server name, and then tap Next.
  7. Choose the type of information you want to synchronize between your account and your device, and then touch Save. By default, Mail, Contacts, and Calendar information are synchronized.
    Caution:
    If you’re prompted to create a passcode, tap Continue and enter a numeric passcode. If you don’t set up a passcode, you can’t view your e-mail account on your iPhone. You can set up a passcode later in iPhone Settings.

Finding My Server Name


If your email program isn’t able to automatically find your Exchange ActiveSync server name, you may need to look it up.

  1. Sign in to your e-mail account using Outlook Web App. For help signing in, see How to Sign In to Outlook Web App.
  2. If you’re connecting to an Exchange mailbox, your Exchange ActiveSync server name is contained in the address bar in your browser when you are signed in to Outlook Web App, but without the leading https:// and without the trailing /owa. For example, if the address you use to access Outlook Web App is https://mail.contoso.com/owa, your Exchange ActiveSync server name is mail.contoso.com.
  3. If you’re unable to connect to your mailbox using the information earlier in this section, you can try using the server name value that you can view in Outlook Web App options. Do the following:
    1. In Outlook Web App, click Options > See All Options > Account > My Account > Settings for POP, IMAP, and SMTP access.
      Note:
      Although you’re not setting up a POP3 account, you will use this value to determine your Exchange ActiveSync server name.
    2. Under POP setting, view the value for Server name.
    3. Try setting up your email using the server name listed on your options page. For example if the value for Server name under POP setting is mail.contoso.com, try using mail.contoso.com as your Exchange server name.

What else do I need to know?

  • If you’re prompted to create a passcode and don’t create one, you won’t be able to send and receive e-mail.

Is Your Organization Using SHA-1 SSL Certificates? If so here’s what you need to know and do:

Following a recommendation by the National Institute of Standards and Technology (NIST), Microsoft will block Windows from accepting SSL certificates signed using the Secure Hash Algorithm-1 (SHA-1) after 2016. Given the number of mission-critical SSL certificates that are allowed to expire from inattention, administrators have their work cut out for them. By knowing what will happen, why it’s happening, and what you need to do, you won’t be surprised by these important policy changes.

What’s Happening?

On November 12, 2013, Microsoft announced that it’s deprecating the use of the SHA-1 algorithm in SSL and code signing certificates. The Windows PKI blog post “SHA1 Deprecation Policy” states that Windows will stop accepting SHA-1 end-entity certificates by January 1, 2017, and will stop accepting SHA-1 code signing certificates without timestamps after January 1, 2016. This policy officially applies to Windows Vista and later, and Windows Server 2008 and later, but it will also affect Windows XP and Windows Server 2003.

SHA-1 is currently the most widely used digest algorithm. In total, more than 98 percent of all SSL certificates in use on the Web are still using the SHA-1 algorithm and more than 92 percent of the certificates issued in the past year were issued using SHA-1.

Website operators should be aware that Google Chrome has started warning end users when they connect to a secure website using SSL certificates signed with the SHA-1 algorithm. Beginning in November 2014 with Chrome 39, end users will see visual indicators in the HTTP Secure (HTTPS) address bar when the site to which they’re connecting doesn’t meet the SHA-2 requirement. Figure 1 shows those indicators.

 

Figure 1: Visual Indicators in the HTTPS Address Bar

 

Google is doing this to raise end users’ awareness and to help guide other members of the Internet community to replace their SHA-1 certificates with SHA-2 certificates.

Why Is Microsoft Deprecating SHA-1?

SHA-1 has been in use among Certificate Authorities (CAs) since the U.S. National Security Agency (NSA) and NIST first published the specification in 1995. In January 2011, NIST released Special Publication 800-131A, “Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.” This publication noted that SHA-1 shouldn’t be trusted past January 2016 because it is becoming increasingly practical for a well-funded attacker or government to find a SHA-1 hash collision, allowing them to impersonate any SSL website.

Realizing that it’s highly unlikely that CAs and the industry at large will adopt stronger hash algorithms on their own, Microsoft is leading the charge by making Windows reject certificates using SHA-1 after January 1, 2017. Doing this will lead website operators to upgrade to stronger SHA-2 certificates for the betterment of all Windows users and the broader public key infrastructure (PKI) community. The Windows PKI blog post “SHA1 Deprecation Policy” noted that, “The quicker we can make such a transition, the fewer SHA-1 certificates there will be when collisions attacks occur and the sooner we can disable SHA1 certificates.”

In the end, the issue isn’t whether SHA-1 will be broken but rather when it will be broken.

What Do I Need to Do?

January 1, 2017, might seem like a long way away, but now is the time to understand the problem and how to mitigate it.

As per Microsoft’s SHA-1 deprecation policy, Windows users don’t need to do anything in response to this new technical requirement. XP Service Pack 3 (SP3) and later versions support SHA-2 SSL certificates. Server 2003 SP2 and later versions gain SHA-2 support for SSL certificates once the hotfixes KB968730 and KB938397 are applied.

Web administrators must request new certificates to replace SHA-1 SSL and code-signing certificates that expire after January 1, 2017. As of this writing, that would probably affect only public SHA-1 certificates that were purchased with a long expiration date (three years or more) or long-duration certificates issued by internal SHA-1 CAs. Most third-party CAs will rekey their certificates for free, so you simply need to contact the CA to request a rekeyed certificate that uses the SHA-2 algorithm.

When ordering new SSL certificates, you should confirm with the CA that they’re being issued with the SHA-2 algorithm. New certificates with expiration dates after January 1, 2017, can only use SHA-2. Code-signing certificates with expiration dates after December 31, 2015, must also use SHA-2.

Note that the algorithm used in SHA-2 certificates is actually encoded to use SHA-256, SHA-384, or SHA-512. All of these are SHA-2 algorithms; the SHA number (e.g., 256) specifies the number of bits in the hash. The larger the hash, the more secure the certificate but possibly with less compatibility.

It’s important that the whole certificate chain use SHA-2 signatures. (A certificate chain consists of all the certificates needed to certify the end certificate.) This means that any intermediate certificates must also use SHA-2 after January 1, 2017. Typically, your CA will provide the intermediate and root CA certificates when they provide the SHA-2 certificate. Sometimes they provide a link for you to download the certificate chain. It’s important that you update this chain with SHA-2 certificates. Otherwise, Windows might not trust your new SHA-2 certificate.

Root certificates are a different story. These can actually be SHA-1 certificates because the OS trusts the root certificate’s public key directly. A root certificate is self-signed; it isn’t signed by another entity that has been given authority.

For the same reason, any self-signed certificate can use the SHA-1 algorithm. For example, Microsoft Exchange Server generates self-signed SHA-1 certificates during installation. These certificates are exempt from the new SHA-2 policy since they aren’t chained to a CA. I expect, however, that future releases of Exchange will use SHA-2 in self-signed certificates.

What About My Enterprise CAs?

If your organization has its own internal CA PKI, you’ll want to ensure that it’s generating SHA-2 certificates. How this is done depends on whether the CA is running Windows Server 2008 R2 or later and whether your CA has subordinate CAs.

If you have a Server 2008 R2 or later single-root CA without subordinates, you should update the CA to use SHA-2. Doing so will ensure that subsequent certificates generated will use the SHA-2 algorithm. To check which hash algorithm is being used, you can right-click the CA and go to the General tab. If SHA-1 is listed, you can run the following certutil command to configure the CA to use the SHA-256 algorithm:

certutil -setreg ca\csp\CNGHashAlgorithm SHA256

You must restart the CertSvc service to apply the change. Now when you view the CA properties, you’ll see that the hash algorithm is SHA-256. All future certificates issued by this CA will use SHA-256, but keep in mind that existing certificates will still be using SHA-1. You need to renew any SHA-1 certificates issued by this CA to upgrade them to SHA-2 certificates.

If your CA is older than Server 2008 R2, you can’t upgrade the CA to use SHA-2. You’ll need to rebuild it with a newer version.

If your organization’s internal CA is multi-tiered with one or more subordinate CAs, you’ll need to reconfigure them to use SHA-2. This is done using the same certutil command just given on each subordinate or issuing CA. Keep in mind that if you use subordinate CAs, you’re not required to update the root CA to SHA-2 since that certificate is at the top of the certificate chain, but it won’t cause any problems if you do. You still need to renew any SHA-1 certificates issued by the subordinate CAs to upgrade them to SHA-2 certificates.

Take Action Now

Administrators and website operators should identify all the SSL certificates used in their organizations and take action, as follows:

  • SHA-1 SSL certificates expiring before January 1, 2017, will need to be replaced with a SHA-2 equivalent certificate.
  • SHA-1 SSL certificates expiring after January 1, 2017, should be replaced with a SHA-2 certificate at the earliest convenience.
  • Any SHA-2 certificate chained to a SHA-1 intermediate certificate should be replaced with another one chained to a SHA-2 intermediate certificate.
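
The three rules above, applied to every chain that can be built from the local machine store, as an added example that is not part of the original article or any Microsoft tooling. It assumes the certificates of interest are in Cert:\LocalMachine\My and treats a certificate whose Subject equals its Issuer as self-signed; the helper name Test-Sha1Signature is hypothetical.

```powershell
# Added example: flag SHA-1 signatures in every chain built from LocalMachine\My.
$cutoff   = Get-Date '2017-01-01'      # Windows deadline cited in the article
$sha1Oids = @(
    '1.2.840.113549.1.1.5'             # sha1WithRSAEncryption
    '1.2.840.10040.4.3'                # dsa-with-sha1
    '1.2.840.10045.4.1'                # ecdsa-with-SHA1
)

function Test-Sha1Signature {          # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $sha1Oids -contains $Cert.SignatureAlgorithm.Value
}

$report = foreach ($leaf in Get-ChildItem Cert:\LocalMachine\My) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # inventory only, no CRL fetches
    [void]$chain.Build($leaf)          # elements are populated even if trust fails
    $index = 0
    foreach ($element in $chain.ChainElements) {
        $cert       = $element.Certificate
        $selfSigned = $cert.Subject -eq $cert.Issuer   # assumption: heuristic only
        if     ($selfSigned -and $index -eq 0) { $role = 'self-signed' }
        elseif ($selfSigned)                   { $role = 'root' }
        elseif ($index -eq 0)                  { $role = 'end-entity' }
        else                                   { $role = 'intermediate' }

        # Roots and self-signed certificates are exempt, per the article.
        $action = 'none'
        if (Test-Sha1Signature $cert) {
            if ($role -eq 'intermediate') {
                $action = 'replace chain: SHA-1 intermediate'
            } elseif ($role -eq 'end-entity' -and $cert.NotAfter -gt $cutoff) {
                $action = 'replace with SHA-2 at earliest convenience'
            } elseif ($role -eq 'end-entity') {
                $action = 'replace with SHA-2 equivalent'
            }
        }
        [pscustomobject]@{
            Leaf      = $leaf.Thumbprint
            Role      = $role
            Subject   = $cert.Subject
            Algorithm = $cert.SignatureAlgorithm.FriendlyName
            NotAfter  = $cert.NotAfter
            Action    = $action
        }
        $index++
    }
}
$report | Where-Object Action -ne 'none' | Format-Table -AutoSize
```

Each row carries the thumbprint of the leaf it was reached from, so a SHA-1 intermediate shows up once per certificate that depends on it.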

The following tools and websites are useful for testing and for further information about SHA-1 remediation:

  • Microsoft Security Advisory 2880823. This website discusses the deprecation policy for the SHA-1 hashing algorithm for the Microsoft Root Certificate Program.
  • Migrating a Certification Authority Key from a Cryptographic Service Provider (CSP) to a Key Storage Provider (KSP). The section “How to migrate a CA from a CSP to a KSP and optionally, from SHA-1 to SHA-2” in this TechNet web page provides detailed instructions for upgrading a CA to use SHA-2.
  • “Gradually sunsetting SHA-1.” This Google Online Security Blog post explains how the transition to SHA-2 affects Chrome and details Google’s rollout schedule.
  • SHA-256 Compatibility. This GlobalSign web page lists OS, browser, server, and signing support for SHA-256 certificates.
  • DigiCert SHA-1 Sunset Tool. This free web application tests public websites for SHA-1 certificates that expire after January 1, 2016.
  • DigiCert Certificate Inspector. This tool discovers and analyzes all certificates in an enterprise. It’s free, even if you don’t have a DigiCert account.
  • Qualys SSL Labs’ SSL Server Test. This free online service analyzes the configuration of any SSL web server on the public Internet.