Domino Server Java Applet Certificate Security Signatures Expiring on May 18, 200905/06/2009 10:25:48 PM
Location : Cleveland, OH
My friend, Jean-Yves Riverin, has already blogged this, but I think that it deserves another post. Plus, I need to document it for my own personal information. :-)
What is happening
The certificate for some Java applets in Lotus Domino 6.5.x, Domino 7.0.x, Domino 8.0.x, and Domino 8.5 have an expiration date of May 18, 2009. Starting May 19th, Web users will see a dialog with a message similar to one of the following when loading a Web page that contains a Java applet from the Domino server:
"The digital signature was generated with a trusted certificate but has expired or is not yet valid."
"The security certificate has expired or is not yet valid."
This issue can occur even if IBM is set up as a trusted publisher in the browser.
What does this mean
Please be assured that this message does not mean security has been compromised. It simply reflects the expiration of the signature originally provided in the security certificate used with certain Domino applets. You can find an explanation in the following technote:
Title: "Security certificate expiration messages generated from Domino applets (May 18, 2009)"
Action needed to resolve
To resolve the situation, you have three options: (1) Instruct users to "Always Trust" content from IBM, (2) if using Domino 7.x, upgrade to Domino 7.0.4, or (3) download and apply fixes. IBM recommends that you replace the affected Jar files (option 3) as described in the following download document for any supported release of Domino:
Title: "Download re-signed Java applets for Lotus Domino (May 18, 2009)"
Alternatively, an interim fix will be posted to Fix Central for the latest Modification and Fix Pack levels by May 8th. These include Domino 6.5.6 FP3, 7.0.3 FP1, 7.0.4, 8.0.2 FP1, and 8.5.0. If you're not running one of these releases, access the download document above, which provides fixes for all supported release levels.
Technorati tag: Lotus Domino
What is happening
The certificate for some Java applets in Lotus Domino 6.5.x, Domino 7.0.x, Domino 8.0.x, and Domino 8.5 have an expiration date of May 18, 2009. Starting May 19th, Web users will see a dialog with a message similar to one of the following when loading a Web page that contains a Java applet from the Domino server:
"The digital signature was generated with a trusted certificate but has expired or is not yet valid."
"The security certificate has expired or is not yet valid."
This issue can occur even if IBM is set up as a trusted publisher in the browser.
What does this mean
Please be assured that this message does not mean security has been compromised. It simply reflects the expiration of the signature originally provided in the security certificate used with certain Domino applets. You can find an explanation in the following technote:
Title: "Security certificate expiration messages generated from Domino applets (May 18, 2009)"
Action needed to resolve
To resolve the situation, you have three options: (1) Instruct users to "Always Trust" content from IBM, (2) if using Domino 7.x, upgrade to Domino 7.0.4, or (3) download and apply fixes. IBM recommends that you replace the affected Jar files (option 3) as described in the following download document for any supported release of Domino:
Title: "Download re-signed Java applets for Lotus Domino (May 18, 2009)"
Alternatively, an interim fix will be posted to Fix Central for the latest Modification and Fix Pack levels by May 8th. These include Domino 6.5.6 FP3, 7.0.3 FP1, 7.0.4, 8.0.2 FP1, and 8.5.0. If you're not running one of these releases, access the download document above, which provides fixes for all supported release levels.
Technorati tag: Lotus Domino
Comment posted by JYR05/07/2009 12:26:34 PM
Homepage: http://jyriver.blogspot.com/
Thank you for the reference
JYR
Powered By : Domino
BlogSphere V1.3.1
Join The WebLog Revolution at BlogSphere.net