Question & Answer
Question
What happens when the certificate used to sign the IBM Rational Host On-Demand applet expires?
Cause
Clients are concerned that Host On-Demand client will no longer work properly if the signer certificate expires.
Answer
The certificate used to sign the IBM Rational Host On-Demand V11 applet will expire during the life cycle of the product. This has no affect on the functionality of the Host On-Demand clients, but with some levels of JRE the applet may not launch. Different browser (Internet Explorer and FireFox) and JRE combinations are producing different results. In some instances, the user is presented with the option to 'Allow' them to continue. Other instances are not allowing the applet to continue launching.
If at some point the certificate is stored in the Publishers list in the Java key store, you can view the certificate by opening the Java control panel, click on the Security tab. Then click on Certificates. The label for the most current certificate is:
IBM Canada Limited
In addition to the jars being signed, they are also time stamped. Applying a timestamp when you sign a JAR is strongly recommended, as it allows you to prove that IBM signed the JARs during the time interval that the code signing certificate was still valid. This allows your JARs to be validated after the certificate expires thereby prolonging the lifetime of your application.
The signer's certificate has to be valid only when the code is signed.
The purpose of this certificate is to sign the applet and has no bearing on the functionality or security functions of the product if the applet will launch. According to Java's security policy, only signed jar files or applets can be downloaded and executed using a browser. Signing the jar files for an applet provides the signer's information so the end user can choose to trust that applet or not. For further information about the signer's certificate, refer to Oracle's blog Signing code for the long-haul.
A new certificate has been used to sign the jar files for Host On-Demand 11.0.12 and higher which is now available on Fix Central to download. This certificate is valid from June 6, 2014 through September 5, 2017. If you are having difficulties launching the Host On-Demand client because of the expired signer's certificate, the recommendation is to upgrade to HOD 11.0.12 or higher.
Was this topic helpful?
Document Information
Modified date:
02 August 2018
UID
swg21197292