The SPDF Java applications
and associated libraries which require
special privileges utilize digital signatures
to ensure their authenticity and integrity. The following are
some digital signature issues that you may encounter when
using SPDF Java applications:
Do you want to
run this application?
You may see the following dialog when starting an SPDF application.
This is expected because the SPDF Java applications require one or more
of the following privileges:
You may examine the digital certificate by selecting
- Execute native code (e.g., the CDF library)
- Read/write to the local disk (e.g., CDF files, save satellite
- Access remote web services (e.g., SSC Web Services)
We have always used a certificate that was issued by a widely
recognized certificate authority (e.g., Thawte). When you are
satisified that Java application is from SPDF, select
to start the application.
Digital signature has
You may see the following dialog.
This may indicate one of several issues. To determine the actual
More Information which will display a
window such as the following.
In this case, the digital certificate has not expired. The issue
is that the JNLP file is not signed. We cannot sign the SSC 4D
Orbit Viewers JNLP because it may be dynamically generated (to contain
preselected satellites and time ranges). You may safely ignore
this issue an select
Run to start the application.
It is possible that you may encounter an actual expired
certificate as indicated below
You can see that the application was signed by a valid
certificate. However, certificates have an expiration date
(typically one or two years from the time they are issued) and it is
now past that date. This can be expected for mature applications
or libraries which have not required updating in recent time. You
can ignore this warning.
Failed to validate
Begining with Oracle's Java 7 update 6, you may encounter the following
By selecting the
Details button, you will see the
This is caused by a security setting that prevents Java Web Start from
using the Online
Certificate Status Protocol (OCSP) to verify the certficate used to
digitally sign the application. To overcome this issue, enable
online certificate validation as shown below.
Once this has been done, the application should start.
Other Digital Signature Issues
If you encounter other, unexplained digital signature issues with any
SPDF Java applications, please contact SPDF