Introduction
Dear Customer,
Amino has been informed by Verimatrix that the X.509 certificate used for authentication and establishing secure communication between Verimatrix (ViewRight) clients and the Video Content Authority System (VCAS) will expire in October 2024. Once this certificate has expired, any set-top box (STB) running this system and using certificates with this expiration date will not be able to decrypt Verimatrix encrypted content.
Prerequisites
Certificate X.509 Verimatrix Client
Summary
Following the October 2024 expiration date, all STBs with the following clients, which use integrated PKI 1024-bit X.509 certificates to establish a secure connection with the VCAS head-end, will lose access to VCAS decryption services causing a black screen:
- Verimatrix IPTV (ViewRight IPTV) Client versions 3.7 and below
- Verimatrix OTT (ViewRight Web) Client versions 3.8 and below
Clients with later versions of Verimatrix use 2048-bit certificates with the maximum supported expiration date and are not impacted by this problem.
Recommended Action
The following devices are End of Life and Amino no longer provides software updates for these products.
|
|
If you have these products in production and believe they will be impacted by the expiration of Verimatrix certificates, please contact Amino Sales or use the amino.tv/contact-us form and a representative of Amino will discuss the options available.
The table below shows devices supported by Amino and the minimum build version that must be installed for the device to decrypt Verimatrix-protected content after October 2024.
Model | Release |
Kamai 5 | 2.9.25_build6 |
Amulet 5 | 2.9.25_build6 |
Aria6 | 14.8.58_build12 |
Kamai6(m)/Amulet6(m) | 11.8.58_build12 |
Kamai7E | 11.8.58_build12 |
Aria7/Aria7x | 20.1.69_build9 |
Kamai7x(m)/Amulet7x(m) | 20.1.69_build9 |
Kamai7B (multicast IPTV only) | 22.1.66_build9 |
Kamai7B (multicast IPTV & OTT) | 22.2.90_build9 |
Kamai7Q/Amulet7Q | 21.1.38.6_build9 |
In addition, firmware packages containing the term '.verimatrix.' in the filename do not support the latest 2048-bit Verimatrix certificates.
These firmware packages utilize an outdated Verimatrix client that is incompatible with the new certificate standard. Customers utilizing these packages will need to upgrade to a version that supports the 2048-bit certificates to maintain full functionality, that contains the term '.verimatrixMA' or '.verimatrixCWPP' in the firmware filename where mutual authentication is used between the Verimatrix server and Verimatrix client on the STB.
This also implies that customer will need to set up mutual authentication mode on their Verimatrix server and update their INI settings. See AminoOS ENABLE STB Verimatrix Configuration Guide.
Please review your current Verimatrix implementation and file versions to ensure compliance. Should you have any questions or require further assistance, do not hesitate to contact our support team.
Reference
None.