Digital Signature Warning Even With Settings

The public knowledge pool and discussion forum of the OWS community. Do not post confidential information here!
PWn3R
Posts: 2
Joined: 22 Nov 2023, 17:08

Digital Signature Warning Even With Settings

Post by PWn3R »

Hi -

I've read through the documentation and am deploying system configurations with certificates and exceptions. Happy to provide what I'm deploying:
https://imgur.com/a/tIRVb4l

The cert in the message that is popping up is in the trusted.certs file.

I'm getting this message even with the settings deployed:
https://imgur.com/a/DFIQTCx

Is this expected? I need to find a way to stop this from coming up. When you check the box and hit run, it stores it in the local user profile which is not what I want to do.

Thanks,

Janak Mulani
Posts: 817
Joined: 24 Mar 2020, 13:37

Re: Digital Signature Warning Even With Settings

Post by Janak Mulani »

The cert may not be present in the keystore of the jre or OWS. If you trust the cert then choose "always trust contenet from this publisher" .

You can see the certificates in keystores using the itw-settings app.

PWn3R
Posts: 2
Joined: 22 Nov 2023, 17:08

Re: Digital Signature Warning Even With Settings

Post by PWn3R »

Ah, that’s a great point. I will try putting that file into the JRE. I feel dumb now.

Edit: that did it. I put the trusted.certs into the JRE folder and it's working now. Sorry, I can't believe I didn't find this in previous efforts to look into this problem.

Janak Mulani
Posts: 817
Joined: 24 Mar 2020, 13:37

Re: Digital Signature Warning Even With Settings

Post by Janak Mulani »

There 3 places that OWS tries to find the certs for verification:

During Phase I when it gets the jnlp file: In the bundled jre\lib\security and UserHome\.config\icedtea-web\security

During Phase II when it gets the resources and starts the app: In the jre\lib\security that best matches the one specified in the jnlp file and UserHome\.config\icedtea-web\security

Post Reply