ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Receive pop-up Security Warnings indicating that the JNLP files are not signed

book

Article ID: 88599

calendar_today

Updated On:

Products

CA Automic Applications Manager (AM)

Issue/Introduction

Error Message Details:



Java 1.7 Build 45 and above:

<Please see attached file for image>

.png




Java 1.6 Build 45 and above:

<Please see attached file for image>

.png

 
Symptoms

After upgrading to Applications Manager (AM) v8.0 SP12 HF1 or above and while using Java versions 1.6 or 1.6 Builds 45 and above you may receive a pop up Security Warning message that indicated that the AM JNLP files do not have a digital signature.

 

Cause


The JNLP files have not been signed before with the AM product and this does not present a security risk. All of our main application code (jar files) are signed by a certificate provided by Thawte. If we were to sign the JNLP files, this would be a change in behavior or a redesign of the way that the AM client is launched. The JNLP files contain custom variables (client URL, IP address, Master Name, Port). If we were to sign the JNLP files with our Automic certificate, the variables would then be hard coded and therefore the IP/port/Name would not be able to change without a full re-install. Also, our certificate from Thawte expires every two years, so signing the JNLP files may impact those users who do not upgrade as often.

 


 

Environment

Release: AAMOS499000-8.0-Automic Applications Manager-OS400 Agent
Component:

Resolution

As stated above the JNLP files have never been signed with the Applications Manager product and it does not present a security risk as our main application code (jar files) are signed by a certificate provided by Thawte.