Digital Signatures


The SPDF Java applications and associated libraries which require special privileges utilize digital signatures to ensure their authenticity and integrity.  The following are some digital signature issues that you may encounter when using SPDF Java applications:

Do you want to run this application?

You may see the following dialog when starting an SPDF application.

Do you want to run this application dialog

This is expected because the SPDF Java applications require one or more of the following privileges:
You may examine the digital certificate by selecting More Information.

NASA certificate details

We have always used a certificate that was issued by a widely recognized certificate authority (e.g., Thawte).  When you are satisified that Java application is from SPDF, select Run to start the application.

Digital signature has expired.

You may see the following dialog.

Digital signature has expired dialog

This may indicate one of several issues.  To determine the actual issue, select More Information which will display a window such as the following.

Unsigned JNLP dialog

In this case, the digital certificate has not expired.  The issue is that the JNLP file is not signed.  We cannot sign the SSC 4D Orbit Viewers JNLP because it may be dynamically generated (to contain preselected satellites and time ranges).  You may safely ignore this issue an select Run to start the application.

It is possible that you may encounter an actual expired certificate as indicated below

Warning's More Information

You can see that the application was signed by a valid certificate.  However, certificates have an expiration date (typically one or two years from the time they are issued) and it is now past that date.  This can be expected for mature applications or libraries which have not required updating in recent time.  You can ignore this warning.

Failed to validate certificate.

Begining with Oracle's Java 7 update 6, you may encounter the following dialog:

Failed to validate certificate dialog

By selecting the Details button, you will see the following dialog:

Failed to validate certificate details dialog

This is caused by a security setting that prevents Java Web Start from using the Online Certificate Status Protocol (OCSP) to verify the certficate used to digitally sign the application.  To overcome this issue, enable online certificate validation as shown below.

Enable online certificate validation window

Once this has been done, the application should start.

Other Digital Signature Issues

If you encounter other, unexplained digital signature issues with any SPDF Java applications, please contact SPDF support.