Detailed Description and Symptoms
Errors like the following are displayed in pop-up messages:
The application's digital signature has an error. Do you want to run the application?
When you click the "More Information" link, the following is displayed:
- This application will be run without the security restrictions normally provided by Java
- The security certificate has expired or is not yet valid.
- The security certificate was issued by a company that is trusted
The Short Answer
You must either check the "Always trust content from this publisher" check-box and choose "Run", or you must upgrade to the latest build for your Application Manager version which is signed with the a current Application Manager Java code-signing certificate. This will be fixed in SP9.
The Detailed Answer
When we build Applications Manager, the Java-based Applications Manager Client (and other Applications Manager Java code) is signed with a Java code-signing certificate which we renew annually. If you attempt to run a version of the Applications Manager Client that was signed with a certificate that has expired, you will receive this message.
We renew the code-signing certificate every year, so the one we're currently using to sign the code is valid. That is why upgrading Applications Manager to a newer build would be another way (but not the recommended way) to resolve this problem. This isn't recommended because eventually, that certificate would expire too, and you would need to upgrade again to another, newer build made with a newer code-signing certificate.
Whether or not SSL is being used to encrypt the data is independent of this Java code-signing certificate. If you check the "Always trust..." box, SSL will continue to function normally and all Applications Manager network traffic will still be encrypted. The certificate that is expired does not affect the encryption of Applications Manager network traffic and it is not the same as an SSL Web Server Certificate, like the ones that allow users to make https connections to web servers for example.
The Java version on your PC matters because certain versions of the Java Runtime Environment have root certificates that have expired, so we have to try to rule this out as a cause. For more information on expired root certificates, go to Sun's web site.
In summary, we do renew our code-signing certificates and the one we are using to build at this time is current; you need to check the "Always trust..." box for Automic programs; having a newer code-signing certificate will not have any effect on whether or not the data is encrypted; and the version of Java matters because some versions of Java have expired root certificates.