What's up with
the Java Security Warning?
BACKGROUND
The ISS
Transit Prediction program creates files on your hard drive
(Specifically within the 'User
Prediction Directory',
See the details
page). This requires the program to run without the
security restrictions normally provided by Java. Java
applications which need additional security permissions require a
digital signature.
Java provides a mechanism for authors to
digitally sign their software. This allows the users of the software to
know that the software has the author's approval. The process
of digitally signing software typically includes paying a fee (up to
$499/year! ouch) to a "certificate authority" (such as VeriSign
or Thawte).
Certification authorities are entities (typically firms specializing in
digital security) that are trusted throughout the industry to sign and
issue certificates.
Thawte provides the Personal E-mail Certificate free
of charge for
the Web of Trust (WOT) community, of
which I am a member.
This certificate can also be used to digitally sign
software.
Annually I would obtain a new certificate, and sign the
program with it. When running the program, the following
warning would
pop up, stating that the signature has been validated by a trusted
source.
PROBLEM
As of November 16,
2009, Thawte is no longer continuing the free
Personal E-mail
Certificate service, which leaves me four options:
1) Pay an
annual fee to obtain a certificate from a certificate authority, 2) Ask
the users to provide a donation to help with the cost, 3)
Self-Sign
the prediction program, or 4) Continue using the expired Thawte
certificate.
SOLUTION
I have decided to continue to use
the Thawte certificate, which has now expired.
What does this mean to the user of the prediction program?
Java
will display the following warning message whenever the program is run.
If the user wishes, they can click the box which says "Always trust
content from this publisher.", and the warning message will not be
shown again.
With Java Version 6 Update 19, the following warning message may pop up when running the program.
This warning is displayed
since Java treats expired and self-signed certificates as essentially
"unsigned". The user must click "No" to allow the unsigned
components to run. Java provides ways for users to disable this
warning message. Details here.
Back
to the ISS Transits Predictions Page