When I run a smart-client I’ll get a security warning that the Servoy B.V. certificate has been expired. How can I update this certificate ?
You can not, that is up to Servoy.
What Servoy are you running?
Jeroen,
Try upgrading to Servoy 3.5.8
Rob
Thanks for the reply,
What is the reason for such limited certificate ? The reason I’m asking this is that we’ve deployed a Servoy 3.5.6 application at a client, which is running fine so no reason to upgrade. What is the limit on 3.5.8 ?
its a year, thats how those certificates work.
But clients that are already installed will work fine and wont complain, only those who install it again can complain.
Its from an end users perspective a bit strange yes that an app that can install just fine in week 1 complains when it is installed in week 2, without anything that is changed.
in my eyes they should just look at the code date and the certificate date so if the code date < certificate date it is always ok.
But i guess certificates can expire and maybe they are just not valid anymore (revoked) so they want this part of security.
Hi,
Today we have the same issue: pop-up saying “certificate expired” on our production server which is still using Servoy 5.2.4
I assume there is no other way than upgrading to 5.2.5 in order to fix it?
All our customers using an old version of Servoy will get the same message
for clients that already downloaded everything you shouldn’t get that warning i believe. (i didn’t get it on our own servers)
But for new clients yes they will get that expired message… you do need to upgrade to 5.2.5 or 5.2.6 (out soon)
Ok, thanks for the quick reply
Another reason, to use the signtester tool (at servoyforge.net) and sign everything with your own certificate!
That way you have full control.
I’m getting “The application’s digital signature cannot be verified” message when I start the smart client.
I’ve upgraded the application server to 5.2.5, and the signature now is valid until 14feb2013.
Can I get rid of that warning? (without telling the users to mark the checkbox “always trust content form this publisher”)
I have seen that too when testing here without internet. Do you have an internet connection?
you can’t get easily get rid of that one on a first install
i guess the details does tell you that not all resources are signed (the jnlp file?)
this is because we use this: -XX:SoftRefLRUPolicyMSPerMB=3600000 as a vm argument (see admin page)
for performance we really need that, but webstart sees that as a security issue (which is ridiculous if you ask me) and because of that it wants the jnlp file also to be signed
but we can’t sign the jnlp file in servoy because they are generated on the fly with all kinds of information (beans/plugins and also deep link arguments and so on)
I am still thinking of making a solution that by passes pretty much all of this, i just need a nice weekend for this to try this out…
IT2Be:
I have seen that too when testing here without internet. Do you have an internet connection?
Yes i’ve got a working internet connection, I run the solution from a remote server.
@johan: So for now I should just inform the users to set the always trust checkmark?
yes there is currently not another way