A Security Warning dialog is displayed referencing a Digital Signature error


PROBLEM

When viewing DHTML content from ToolBook, a Security Warning dialog is displayed referencing a Digital Signature error.


   


 WARNING - SECURITY
 The application's digital signature has an error.
 The digital signature was generated with a trusted
 certificate but has expired.

 Do you want to run the application?
   Name:       sysToolBookApplet
   Publisher:  SumTotal Systems


In addition, if you click on the MORE INFORMATION link within the dialog, this is shown:


   


DETAILS

The dialog in question is displayed by the Java Runtime Engine (aka JRE) browser plugin, in response to the loading of a Java Applet created by SumTotal, for use in ToolBook lessons.


It seems to imply that the applet has expired and is no longer valid or safe to use.


Although it is true that users may see this warning message when viewing ToolBook DHTML content, the warning message is not an indication that the ToolBook Java applet is invalid. It is simply an indication that our signing period has expired (this is the period where we can create new applets using the issued signing certificate). It is not an indication that the applet has expired.


This dialog is likely to confuse end-users who have no idea what applets are. However, ToolBook has no control in this matter: it is the JRE that decides to show this dialog, and ToolBook cannot instruct it not to.


GENERAL BACKGROUND/DETAILS ABOUT JAVA APPLETS

Java applets are often digitally signed to provide the user a level of assurance that the applet comes from a known and trusted source, because executing Java code is a potential security risk. This process is similar to having a physical document signed by a Notary Public as verification that the person executing the document is who he or she claims to be. In this case, the Notary Public would be analogous to the Certificate Authority or CA who signs the certificate.


Digital certificates used in the signing process are valid for a specified period of time, typically for one to three years. This allows an organization such as SumTotal to sign our shipping files (Java applets in this case) for that time period and allow the end-user to trust that the applet had indeed been provided by SumTotal. If the Java applet is created/signed within the certificate's valid signing period, the signature is valid indefinitely.


However, once the current date is beyond that time period, the JRE that is used to run Java applets within a browser cannot verify whether the applet was actually signed during the valid period. Therefore, the browser dialog reports that, although the applet was properly signed with a trusted certificate, the certificate itself has expired.


It is a common misconception that an applet signed with a certificate that has expired is no longer safe to download or use. This is untrue. As long as the applet was signed when the certificate issued by the CA (Certificate Authority) was still valid, then the applet is valid according to the specification for signing Java applets. Also, according to the specification, it is the responsibility of the JRE to warn the user if an applet has been modified after it was digitally signed.


As long as the JRE does not return an error stating that the applet has been modified since it was signed, the applet is still valid and safe to run.
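The two checks described above (has the applet been modified since signing, and can the signing time be placed inside the certificate's validity period) can be run against a JAR with the standard java.util.jar and java.security.CodeSigner APIs. This is an added example, not code from ToolBook or SumTotal; the class name is hypothetical, the JAR path is supplied by the reader as the first argument, and it goes slightly beyond the text by also reporting a signature timestamp when the JAR carries one.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class SignedJarCheck {  // hypothetical name, not part of ToolBook
    public static void main(String[] args) throws Exception {
        Date now = new Date();
        // args[0]: path to the signed JAR to inspect; 'true' turns on signature verification
        try (JarFile jar = new JarFile(args[0], true)) {
            byte[] buf = new byte[8192];
            for (Enumeration<JarEntry> e = jar.entries(); e.hasMoreElements();) {
                JarEntry entry = e.nextElement();
                if (entry.isDirectory()) continue;
                // Digests are only checked once an entry is read to the end;
                // an entry modified after signing raises SecurityException here.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { }
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) {
                    // Manifest and signature files under META-INF/ are not themselves signed
                    if (!entry.getName().startsWith("META-INF/"))
                        System.out.println(entry.getName() + " | UNSIGNED");
                    continue;
                }
                for (CodeSigner s : signers) {
                    X509Certificate cert =
                        (X509Certificate) s.getSignerCertPath().getCertificates().get(0);
                    String verdict;
                    if (s.getTimestamp() == null) {
                        // No timestamp: the signing time cannot be proven after expiry
                        verdict = now.after(cert.getNotAfter())
                            ? "certificate expired, signing time not provable"
                            : "certificate currently valid, no timestamp";
                    } else {
                        Date at = s.getTimestamp().getTimestamp();
                        boolean inWindow = !at.before(cert.getNotBefore()) && !at.after(cert.getNotAfter());
                        verdict = (inWindow ? "timestamped inside" : "timestamped OUTSIDE") + " validity period: " + at;
                    }
                    System.out.println(entry.getName() + " | " + cert.getSubjectX500Principal().getName()
                        + " | notAfter=" + cert.getNotAfter() + " | " + verdict);
                }
            }
        }
    }
}
```

A SecurityException while reading an entry is the "modified since it was signed" condition; the "signing time not provable" verdict corresponds to the expired-certificate warning discussed here.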


As long as the user clicks on the RUN option in the dialog, the applet will function just fine. Additionally, if the user first chooses Always Trust Content from this Publisher, they'll never be prompted with a dialog from SumTotal again.


DECIDING IF JAVA IS NEEDED IN YOUR LESSON

Actually, by default, Java is not used within ToolBook DHTML content. Java will only be utilized by a ToolBook lesson if you turned on a feature in ToolBook which demands Java be used.


The features which require Java include the following optional settings:



If none of those features are turned on, then no Java will be used within the lesson and therefore you'll not see a Digital Signature dialog.



KEYWORDS: 24419 P24419



