Sametime applets signer certificate expires on 19 March 2012
What actions should you as a Sametime administrator take due to the certificate expiration for the Sametime Meeting Server applets on 19 March 2012?
The Sametime Meeting Server applets are signed with a VeriSign certificate that is valid between 18 March 2009 and 18 March 2012. Therefore, as of 19 March 2012, users who load any of the Sametime applets, such as the Meeting Room Client or Directory applet, will be presented with a warning dialog stating the following:
"The application's digital signature has an error. Do you want to run the application?"
There is also a note that says:
"The digital signature was generated with a trusted certificate but has expired."
The following screen capture shows the warning dialog:
The attached image shows the warning in context with the Sametime Meeting room:
To prevent users of Sametime 8.0.x Meetings and Sametime 8.5 Classic Meetings from seeing this warning, you should update the affected applets. It is important to note that this message is simply a warning that is presented to the end users. Once the user selects "Run," the applet loads as expected. This certificate expiration will not cause any functional error within the applets.
Updated (re-signed) applets are available on IBM Fix Central for the Sametime versions listed below. The updated applets are signed with a certificate that is valid through 09 April 2015 and that is timestamped to prevent future expiration notices.
The following Sametime components rely on applets and will be affected by this expiration:
- Online meetings
- Instant or Ad-hoc meetings created between 1 or more participants
- Directory applets loaded to view persons for adding to the contact list or meetings
- Sametime links (STLinks) based applets that are using the signed JAR files (the unsigned version of the stlinks.jar file is not affected by this certificate expiration)
- Sametime network client install applet (for Sametime versions 8.0, 8.0.1, or 8.0.2)
For Sametime 8.5, the applets apply only to an 8.5.0 environment that uses the classic meeting server that is part of the Community sever installation. Sametime 8.5.1 or 8.5.2 classic meeting server is not affected because these applets were signed with timestamping out of the box and will never expire. Also, the IBM Sametime Meeting Server 8.5 version that runs on WebSphere Application Server is not affected by this expiration, and therefore does not require this fix package.
Links for the updated applets
Refer to the following table to download the updated applets for your version of Sametime:
|Version||Package name and link|
|Sametime 8.5.1 and 8.5.2 Classic Meeting||Not affected; refer to "Affected applets" section above|
|Sametime 8.5.0 Classic Meeting server,
Sametime 8.5.0 Classic Meeting client
Network Client Installer
About the new certificate
- The Certificate used for these 2012 re-signs is valid as follows:
[From: Sun Jan 08 19:00:00 EST 2012, To: Thu Apr 09 19:59:59 EDT 2015]
- A "Timestamp Authority" was used in the signing process which will allow these applets to be used without interruption past the Certificate expiration date. This behavior is due to the fact that the applets were signed during a period of time in which the Certificate was still valid. This means that you will be able to use these versions of the applets past 9 April 2015 without any notice, warning or interruption.
- Java 1.4.x JVMs are not supported with these re-signed applets. The "Timestamp Authority" feature was added in Java 1.5. Java 1.4.x JVMs will see the signature as invalid. Oracle/Sun ended support for Java 1.4 years ago, therefore, it is assumed a current JVM is in use on users' workstations. If this is not the case, upgrade the JVM to 1.5 or later.
About the STComm.jar file
The fix package includes a file named STComm.jar, which might not exist on your Sametime server. This JAR file is only included in the Sametime SDK. It is not deployed to a Sametime server by default. The toolkit, and this file, is typically used only by customers running Lotus Quickr or QuickPlace, or those application developers that have built their own Sametime components by using the SDK. This file's placement is determined by your developed applet. If required, replace as needed.
The steps to install the updated applets are as follows:
1. Stop the Sametime server
2. Backup the following directory:
3. Copy the contents of the data directory from the zip file into the Lotus\Domino\Data directory on the Sametime server overwriting files which already exist
4. If the previous step did not overwrite files, the copy was not done to the correct location
5. Start the Sametime server
These steps replace the existing applet files (*.jar files) on the server with the updated ones. If using the signed STLinks.jar file, follow the same steps you used for the initial setup for the product being integrated with. Refer to the Lotus Documentation page for links to the documentation for various products.
More support for:
Software version: 8.0, 8.0.1, 8.0.2, 8.5
Operating system(s): AIX, Linux, Solaris, Windows
Reference #: 1580492
Modified date: 20 March 2012
Translate this page: