Digital Signatures

The SPDF Java applications and associated libraries which require special privileges utilize digital signatures to ensure their authenticity and integrity.  The following are some digital signature issues that you may encounter when using SPDF Java applications:\

• Digital Signatures
  • Do you want to run this application?
  • Digital signature has expired.
  • \
  • Failed to validate certificate.
  • Other Digital Signature Issues

Do you want to run this application?

You may see the following dialog when starting an SPDF application.



This is expected because the SPDF Java applications require one or more of the following privileges:\

• Execute native code (e.g., the CDF library)
• Read/write to the local disk (e.g., CDF files, save satellite information)
• Access remote web services (e.g., SSC Web Services)

You may examine the digital certificate by selecting More Information.



We have always used a certificate that was issued by a widely recognized certificate authority (e.g., Thawte).  When you are satisified that Java application is from SPDF, select Run to start the application.
\

Digital signature has expired.

You may see the following dialog.\

\

This may indicate one of several issues.  To determine the actual issue, select More Information which will display a window such as the following.



In this case, the digital certificate has not expired.  The issue is that the JNLP file is not signed.  We cannot sign the SSC 4D Orbit Viewers JNLP because it may be dynamically generated (to contain preselected satellites and time ranges).  You may safely ignore this issue an select Run to start the application.

It is possible that you may encounter an actual expired certificate as indicated below



You can see that the application was signed by a valid certificate.  However, certificates have an expiration date (typically one or two years from the time they are issued) and it is now past that date.  This can be expected for mature applications or libraries which have not required updating in recent time.  You can ignore this warning.\

Failed to validate certificate.

Begining with Oracle’s Java 7 update 6, you may encounter the following dialog:



By selecting the Details button, you will see the following dialog:



This is caused by a security setting that prevents Java Web Start from using the Online Certificate Status Protocol (OCSP) to verify the certficate used to digitally sign the application.  To overcome this issue, enable online certificate validation as shown below.



Once this has been done, the application should start.
\

Other Digital Signature Issues

If you encounter other, unexplained digital signature issues with any SPDF Java applications, please contact SPDF support.
\