2019 Expiring Java Client certificates
search cancel

2019 Expiring Java Client certificates


Article ID: 115724


Updated On:


CA Automic Applications Manager (AM)


The Applications Manager product jar files are signed with a Java code signing certificate that is renewed every two years. The previous certificate's validity period ended on June 8th 2017. The current certificate's validity period ends June 8, 2019.

What happens if my Java certificates are expired?


Release: AAMOS499000-8.0-Automic Applications Manager-OS400 Agent


If using a release of Java 7 update 51 or later, Java will not allow Applications Manager to launch with an expired certificate. 

A future release of Applications Manager version 9 still under maintenance will include new Java certificates with updated validity period.

Applications Manager 9.3 is not affected and does not need a new Java certificate.

Applications Manager version 8 has been out of support since March, 2018 so it will not be not be receiving a renewal to it's Java Certificates.


Additional Information

Workaround 1:

Use Java 7 update 45 or lower since these versions do not include Java certificate checking.

Workaround 2:

Add the Java Web Client's Apache URL to Java's exception site list by opening Java control panel's security tab.

<Please see attached file for image>

Java Control Panel

Edit Site List, choose Add and enter in the Java Web Client's Apache URL. The Apache URL for the Java Web Client is URL to Launch the Web Client but excluding all characters after the Apache Port. In this example, the client URL is "", so the Apache URL is "". Select Continue to accept the risk.

<Please see attached file for image>

Security Warning

Confirm that the URL is listed in the Exception Site List as seen below.

<Please see attached file for image>

JCP Confirm

Select Apply/OK.

Later versions of Java require an additional setting. If adding the URL to the exception site does not work, select the Advanced Tab of the Java Control Panel and change the option "Check for TLS certificate revocation using" from "Both CRLs and OCSP" to "Certificate Revocation Lists". Please consult with your OS admin regarding these settings if required.


1558686215120000115724_sktwi1f5rjvs16evk.png get_app
1558686213319000115724_sktwi1f5rjvs16evj.png get_app
1558686210468000115724_sktwi1f5rjvs16evi.png get_app