Service Bulletin

2020-07-24
Supersedes 2019-12-03

SecureLink Server SHA1 Certificate Expiration Date: August 01, 2020

DRYVIEW Laser Imaging Systems

TRIMAX Laser Imaging Systems
MyVue Center and TRIMAX FK Terminal/Print Servers

When doing the procedures in this document, you must use safe work practices and wear the correct
personal protective equipment (for example, safety eyewear) according to your company's standard
operating procedures.

Announcement
This bulletin provides updated information on the expiration of the SecureLink Certificate SHA1 for all
Laser Imaging Systems.
Included in this bulletin are instructions for updating the certificate that is set to expire on August 01,
2020. Depending on the imager model, the certificate can be updated by either upgrading the imager’s
software or by using the new SecureLink Server Certificate Update Tool.

Instructional

Important!
The certificate (SHA1) resides on the imager and must be updated otherwise you will not be able to access
the system after August 01, 2020.

A new certificate (SHA2) will be installed on the imager and will activate when the SHA1 certificate expires.
The expiration date of the new SHA2 digital certificate is February 03, 2038.

Page 1 of 13 Carestream Health, Confidential Pub No. SBAJ3538

 Important!
To support both the SHA1 and SHA2 certificates, you must also update the SecureLink Client software
installed on your laptop to version 3.2.4.02. SecureLink Client currently tries to connect with the
imager using the SHA1 certificate, however after Aug 1, 2020 you will connect only to SHA2
certificates from the imager.

The SecureLink Client v3.2.4.02 installer software is located on the Service Portal under Service
Systems>Secure Link. To upgrade your SecureLink client, follow the instructions in SBAG8704,
“Announcing CARESTREAM SecureLink Client Software v3.2.4.02.”

How to verify SecureLink version and Certificate expiration date

When you launch the SecureLink Client Software, check the version on the bottom right corner:

When you are connected to the printer, click the red ” I “ (Info) button to see the Server Certification
expiration date:

Page 2 of 13 Carestream Health, Confidential Pub No. SBAJ3538

 Note
Only after August 1, 2020 when SHA1 expires, will the SecureLink Client connect with SHA2 and the
expiration date will display as February 03, 2038.

Updating the Imager’s Secure Link Server Certificate: Software Re-ghost / Re-image

The first update option is to install a version of software with the SHA2 certificate already embedded.
The table below shows the minimum version of software that includes the SHA2 certificate:
Minimum Software Version with SHA2
Model Service Code(s)
Certificate Included

5700/TX40 1242, 1793, 2831 2.0.b3 – MOD 11

5950/TX55, 5950K 1318, 1319, 2834, 2919 2.0.b5 – MOD 11

6800 1649 2.11.b1 – MOD 16

6850 6875 1.12.b1 – MOD 12

6950/TX65 2901, 2902, 2839 2.0.b9 – MOD 09

MyVue Center III 3151 2.0.b9 – MOD 09

FK Terminal 2211 2.0.b9 – MOD 09

5800 1115
Use the Certificate Updater Tool
5850 7153
(see instructions below)
DRYVIEW 8900 1442, 4878

Updating the Imager’s Certificate: SecureLink Server Certificate Update Tool

If you are unable to upgrade the imager’s software, the second update option is to use the SecureLink
Server Certificate Update Tool.
The Certificate Update Tool is used on systems with the software versions indicated in the table below:
Model Media Type Applicable Software Version
DV6800 CD or USB Flash Drive 2.10.b1 and earlier

DV6850 USB Flash Drive 1.11.b1 and earlier

DV5800 / DV5850 USB Flash Drive 2.7.b1 and earlier

DV5950 USB Flash Drive 1.9.b1.p2 and earlier

TX50 USB Flash Drive 1.1.b03 and earlier

DV8900 CD 3.8.b2 and earlier

Page 3 of 13 Carestream Health, Confidential Pub No. SBAJ3538

Certificate Update Tool: Create a Bootable CD or Bootable USB Flash Drive

Instructions to Create a Bootable CD (6800 and 8900)

Required Materials:
• 1 blank, writable CD-R
• CD/DVD writable drive
• 6800_Certificate_Upgrade__2020_CD.iso or 8900_Certificate_Upgrade__2020_CD.iso

1. Download SecureLink_Certificate_Update_2020.zip from the Service Portal and save the file to
your laptop
2. Right-click the file and choose ‘Extract All’ to extract the SecureLink_Certificate_Update_2020
folder to your laptop
3. Insert a blank CD-R into the CD/DVD writable drive connected to your laptop
4. Double click SecureLink_Certificate_Update_2020 folder, then right-click either the 6800 or 8900
Certificate_Upgrade_2020_CD.iso and choose ‘Burn Disc Image’
5. Choose the appropriate drive letter from the ‘Disc burner’ drop-down list that corresponds to your
CD/DVD writable drive
6. Click the ‘Burn’ button

7. Once the process completes, remove the CD-R from the writable drive

Instructions to create a Bootable USB Flash Drive (5800/5850/5950/TX50/6800/6850)

Required Materials:
• 1 USB flash disk – maximum 32GB
• Win32Diskimager_USB.zip
1. Download SecureLink_Certificate_Update_2020.zip from the Service Portal and save the file to
your laptop
2. Right-click the file and choose ‘Extract All’ to extract the SecureLink_Certificate_Update_2020
folder to your laptop

Page 4 of 13 Carestream Health, Confidential Pub No. SBAJ3538

 3. Insert the USB flash drive into your laptop

Note:
The maximum USB flash drive size allowed is 32GB
4. Right click drive letter that corresponds to the USB flash drive and choose ‘Format’

Important!
Choose the correct drive letter otherwise you could lose valuable data

5. Choose ‘FAT 32’ from the ‘File system’ drop-down menu then click the ‘Start’ button

6. When the format process completes, double-click Win32DiskImager.exe in the

SecureLink_Certificate_Update_2020Win32DiskImager_USB folder

7. Click file browse button to select the certificate disk image file

Page 5 of 13 Carestream Health, Confidential Pub No. SBAJ3538

 8. Select the ‘SecureLinkUpgrade.img’ file in the Win32DiskImager_USB folder, then click the ‘Open’
button

9. Select the USB flash drive letter from ‘Device’ drop-down list

Important!
To avoid unintended data loss, it is important to choose the correct USB Drive letter before clicking
the ‘Write’ button

10. Click the “Write” button

11. Click “Yes” to begin the process

Page 6 of 13 Carestream Health, Confidential Pub No. SBAJ3538

 12. Writing the image to USB flash drive will begin

13. When the process completes click “OK”

14. Click ‘Exit’ to close the Win32DiskImager utility

15. Right-click the USB Drive, choose ‘Eject’, and remove the USB flash drive from your laptop

Special Certificate Update Instructions for DV6850 Only

Important!
There are two BIOS versions for the DV6850. BIOS version 1.0 supports USB-FDD boot mode only by
default. BIOS version 1.01 supports both USB-HDD and USB-FDD modes by default. Since the
certificate upgrade bootable USB key is designed for USB-HDD mode (BIOS v1.01), the BIOS settings
must be changed to work with BIOS v1.0 (USB-FDD) systems.
Confirm the DV6850 BIOS version:
1. While the system is powered off, insert the bootable USB certificate update drive and
connect a USB keyboard to DV6850 DRE

Page 7 of 13 Carestream Health, Confidential Pub No. SBAJ3538

 2. Power on the unit and press the PAUSE key on the keyboard when the initial startup screen
displays as shown below:

If the BIOS string is ‘MX945GSE3-CS2 #71401 BIOS v1.0’, then continue to step 3, otherwise
go to the ‘Update Using the Certificate Update Tool (CD or USB)’ section of this document
3. Press the DEL key to enter the BIOS CMOS
4. Use the arrow keys to choose ‘Integrated Peripherals’ then press ENTER

5. Verify that ‘OnChip IDE Device’ is selected and then press ENTER

6. Use the arrow keys to navigate to the ‘On-Chip Serial ATA’ field, use either the ‘+’ or ‘-‘ key
to change the setting to ‘Disabled’

Page 8 of 13 Carestream Health, Confidential Pub No. SBAJ3538

 7. Press the ‘ESC’ key to return to the main CMOS page
8. Use the arrow keys to navigate to the ‘USB Device Setting’ field then press ENTER

9. Use the arrow keys to navigate to the ‘USB Mass Storage Device Boot Setting’ section

Note:
The name of the USB drive will vary. In the example below, ‘SanDisk Cruzer Colors+ 8.0’
was used.

10. Use the ‘+’ or ‘-‘ key to change the setting to ‘Auto Mode’
11. Press F10 to save changes and exit, then Press ENTER at the following screen to restart the
system

Page 9 of 13 Carestream Health, Confidential Pub No. SBAJ3538

 12. Important!
When the ‘Starting Windows Preinstallation Environment’ screen appears, shut down the
DV6850

13. Power on the unit and press the DEL key to enter the CMOS Setup Utility
14. Use the arrow keys to choose ‘Integrated Peripherals’ again, then press ENTER

15. Verify that ‘OnChip IDE Device’ is selected and then press ENTER

16. Use the arrow keys to navigate to the ‘On-Chip Serial ATA’ field, use either the ‘+’ or ‘-‘ key
to change the setting to ‘Auto’

17. Press F10 to save changes and exit, then Press ENTER at the following screen to restart the
system
Page 10 of 13 Carestream Health, Confidential Pub No. SBAJ3538
 18. The system will emit one short tune and the update process will automatically begin
a. If the upgrade is SUCCESSFUL – the system will emit a continuous single tone beep
b. If the upgrade FAILED - the system will emit continuous high-low-alarm beeps

Important!
When the DV6850 certificate update has completed successfully, you must restore the
BIOS / CMOS settings to their default values, otherwise the bootable DV6850 USB drive
ghost software will not work properly

Restore the DV6850 BIOS v1.0 Settings

19. Power off the DV6850 and remove the Certificate Update Tool USB drive
20. Connect a USB keyboard and power on the DV6850
21. Power on unit and press the DEL key to enter the CMOS Setup Utility
22. Use the arrows key to navigate to the ‘Load Optimized Defaults’ then press ENTER
23. Press ‘Y’ then press ENTER
24. The system will restart and boot up normally

Update Using the Certificate Update Tool (CD or USB)

Note:
If needed, an external monitor can be connected to the imager’s DRE board to display a command
window that will indicate success or failure of the upgrade process

Page 11 of 13 Carestream Health, Confidential Pub No. SBAJ3538

 1. Insert the CD-R or USB flash drive into the imager
2. Power-cycle the imager
3. The system will emit one short tune and the update process will automatically begin (estimated
completion time 2-10 minutes depending on the imager)
a. If the upgrade is SUCCESSFUL – the system will emit a continuous single tone beep
b. If the upgrade FAILED - the system will emit continuous high-low-alarm beeps

Note:
• For 6800: If the certificate update fails, power off the imager, remove the DRE Compact
Flash (CF) card (item #5 identified below), power on the imager and retry the certificate
update

• For 6800: If the certificate update fails after removing the CF card, replace the CF card and
install software version 2.11.b1 (MOD 16) that includes the new certificate
o Instructions to install v2.11.b1 are available on the Service Portal
4. When the certificate update completes:
a. For CD-ROM systems, remove the CD-R disc and power-off the imager
b. For USB systems, power-off the imager first and then remove USB key
5. Restart the imager

Page 12 of 13 Carestream Health, Confidential Pub No. SBAJ3538

Special Instructions for DV8900 Only
1. Close the SecureLink client on your laptop if it is running
2. Copy the certificate files to SecureLink folder on your laptop

Note: You will receive these files in an email from the SecureLink team

a. For 64-bit OS systems - C:\Program Files (x86)\Carestream\SecureLink

b. For 32-bit OS systems - C:\Program Files\Carestream\SecureLink

3. Change the laptop system date to July 31, 2020

Note: You will always need to change your laptop to this date when connecting to the DV8900

4. Open SecureLink and connect to the DV8900

5. When you have completed your tasks, close SecureLink and restore the laptop to the current date

For more information, please contact:

Carestream Health
Global Customer Care Service & Support
USA Only: 1-800-328-2910
Outside the USA: 585-627-1864
Canada: 1-866-927-1017
Outside the USA and Canada: Contact your local
Shared Service Center (SSC)

Carestream Health, Inc.

150 Verona Street
Rochester, NY, USA 14608

© Carestream Health, Inc., 2020

Made in USA.

CARESTREAM and DRYVIEW are trademarks of Carestream Health.

Pub History:
Rev A: 2019-06-18 – Initial release.
Rev B: 2019-06-27 – Corrected a typo of the SecureLink software version / referenced bulletin AG8704.
Rev C: 2019-12-03 -- Added rationale and “how it works” sections. Added minimum product versions to the table.
Rev D: Updates for Aug 2020 cert expiration.

Page 13 of 13 Carestream Health, Confidential Pub No. SBAJ3538