IBM Support

Sametime applets signer certificate expires on 19 March 2012

Technote (FAQ)


Question

What actions should you as a Sametime administrator take due to the certificate expiration for the Sametime Meeting Server applets on 19 March 2012?

Cause

The Sametime Meeting Server applets are signed with a VeriSign certificate that is valid between 18 March 2009 and 18 March 2012. Therefore, as of 19 March 2012, users who load any of the Sametime applets, such as the Meeting Room Client or Directory applet, will be presented with a warning dialog stating the following:


    "The application's digital signature has an error. Do you want to run the application?"

There is also a note that says:

    "The digital signature was generated with a trusted certificate but has expired."

The following screen capture shows the warning dialog:


The attached image shows the warning in context with the Sametime Meeting room:
MeetingRoomClient.gif

Answer

To prevent users of Sametime 8.0.x Meetings and Sametime 8.5 Classic Meetings from seeing this warning, you should update the affected applets. It is important to note that this message is simply a warning that is presented to the end users. Once the user selects "Run," the applet loads as expected. This certificate expiration will not cause any functional error within the applets.

Updated (re-signed) applets are available on IBM Fix Central for the Sametime versions listed below. The updated applets are signed with a certificate that is valid through 09 April 2015 and that is timestamped to prevent future expiration notices.

Affected applets

The following Sametime components rely on applets and will be affected by this expiration:

  • Online meetings
  • Instant or Ad-hoc meetings created between 1 or more participants
  • Directory applets loaded to view persons for adding to the contact list or meetings
  • Sametime links (STLinks) based applets that are using the signed JAR files (the unsigned version of the stlinks.jar file is not affected by this certificate expiration)
  • Sametime network client install applet (for Sametime versions 8.0, 8.0.1, or 8.0.2)

For Sametime 8.5, the applets apply only to an 8.5.0 environment that uses the classic meeting server that is part of the Community sever installation. Sametime 8.5.1 or 8.5.2 classic meeting server is not affected because these applets were signed with timestamping out of the box and will never expire. Also, the IBM Sametime Meeting Server 8.5 version that runs on WebSphere Application Server is not affected by this expiration, and therefore does not require this fix package.


Links for the updated applets

Refer to the following table to download the updated applets for your version of Sametime:

Version Package name and link
Sametime 8.5.1 and 8.5.2 Classic Meeting Not affected; refer to "Affected applets" section above
Sametime 8.5.0 Classic Meeting server,
Sametime 8.5.0 Classic Meeting client
Sametime-8000-IF-RHOK-8R9SXH
Sametime 8.0.2 Sametime-8000-IF-RHOK-8R9SVW
Sametime 8.0.1 Sametime-8000-IF-RHOK-8R9SU3
Sametime 8.0 Sametime-8000-IF-RHOK-8R9SSA
Network Client Installer
Sametime 8.0.2 Sametime-8000-IF-RHOK-8RAM3V
Sametime 8.0.1 Sametime-8000-IF-RHOK-8RAM8W
Sametime 8.0 Sametime-8000-IF-RHOK-8RAMBC


About the new certificate
  • The Certificate used for these 2012 re-signs is valid as follows:
    [From: Sun Jan 08 19:00:00 EST 2012, To: Thu Apr 09 19:59:59 EDT 2015]
  • A "Timestamp Authority" was used in the signing process which will allow these applets to be used without interruption past the Certificate expiration date. This behavior is due to the fact that the applets were signed during a period of time in which the Certificate was still valid. This means that you will be able to use these versions of the applets past 9 April 2015 without any notice, warning or interruption.
  • Java 1.4.x JVMs are not supported with these re-signed applets. The "Timestamp Authority" feature was added in Java 1.5. Java 1.4.x JVMs will see the signature as invalid. Oracle/Sun ended support for Java 1.4 years ago, therefore, it is assumed a current JVM is in use on users' workstations. If this is not the case, upgrade the JVM to 1.5 or later.


About the STComm.jar file

The fix package includes a file named STComm.jar, which might not exist on your Sametime server. This JAR file is only included in the Sametime SDK. It is not deployed to a Sametime server by default. The toolkit, and this file, is typically used only by customers running Lotus Quickr or QuickPlace, or those application developers that have built their own Sametime components by using the SDK. This file's placement is determined by your developed applet. If required, replace as needed.


Installation instructions

The steps to install the updated applets are as follows:

1. Stop the Sametime server

2. Backup the following directory:

    Lotus\Domino\Data\domino\html\sametime

3. Copy the contents of the data directory from the zip file into the Lotus\Domino\Data directory on the Sametime server overwriting files which already exist

4. If the previous step did not overwrite files, the copy was not done to the correct location

5. Start the Sametime server

These steps replace the existing applet files (*.jar files) on the server with the updated ones. If using the signed STLinks.jar file, follow the same steps you used for the initial setup for the product being integrated with. Refer to the Lotus Documentation page for links to the documentation for various products.


Document information

More support for: IBM Sametime
Web Conferences/Meetings

Software version: 8.0, 8.0.1, 8.0.2, 8.5

Operating system(s): AIX, Linux, Solaris, Windows

Reference #: 1580492

Modified date: 20 March 2012


Translate this page: