Receive pop-up Security Warnings indicating that the JNLP files are not signed

Document ID : KB000088599
Last Modified Date : 14/04/2018
Show Technical Document Details
Issue:
Error Message Details:



Java 1.7 Build 45 and above:
.png




Java 1.6 Build 45 and above:
.png

 
Symptoms

After upgrading to Applications Manager (AM) v8.0 SP12 HF1 or above and while using Java versions 1.6 or 1.6 Builds 45 and above you may receive a pop up Security Warning message that indicated that the AM JNLP files do not have a digital signature.

 

Cause


The JNLP files have not been signed before with the AM product and this does not present a security risk. All of our main application code (jar files) are signed by a certificate provided by Thawte. If we were to sign the JNLP files, this would be a change in behavior or a redesign of the way that the AM client is launched. The JNLP files contain custom variables (client URL, IP address, Master Name, Port). If we were to sign the JNLP files with our Automic certificate, the variables would then be hard coded and therefore the IP/port/Name would not be able to change without a full re-install. Also, our certificate from Thawte expires every two years, so signing the JNLP files may impact those users who do not upgrade as often.

 


 
Resolution:
As stated above the JNLP files have never been signed with the Applications Manager product and it does not present a security risk as our main application code (jar files) are signed by a certificate provided by Thawte.