Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

PEGACHANNELDESKTOPAPPLET Certificate Expired.

SA-2679

Summary



Using non-IE browsers (which will load the Java Applet, rather than the ActiveX version) : logging to user Portal (say with 'cacsr' or 'camanager') shows the Java Applet "PEGACHANNELDESKTOPAPPLET" certificate has expired.

Error Messages



First Popup reads:

//
[Application Blocked]

Application Blocked by Security Settings

Name: PegaDesktopApplet
Location: http://venglnx199:9080

Your security settings have blocked an application signed with an expired or not-yet-valid
certificate from running

[OK]
//

Second Popup reads:
//
[Application Blocked for Security]

The application cannot be run.

Name: ScreenPopControlAlt
Location: http://venglnx199:9080

Reason: Your security settings have blocked an application signed with an expired or not-yet-valid
certificate from running

[OK] [More Information...]
//

'More Information' reads (abridged here):

//
com.sun.deploy.security.BlockedException: Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running
at com.sun.deploy.security.SandboxSecurity.showBlockedDialog(Unknown Source)
at com.sun.deploy.security.TrustDecider.askUser(Unknown Source)
at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
[...]
//

Certificate Details are (note expiration date):

//
Version V3
Serial Number [140277917501644552813188006346557423053]
Signature Algorithm [SHA1withRSA]
Issuer CN=VeriSign Class 3 Code Signing 2010 CA,
OU=Terms of use at https://www.verisign.com/rpa (c)10,
OU=VeriSign Trust Network,
O="VeriSign, Inc.",
C=US
Validity [From: Thu Jul 14 01:00:00 BST 2011,
To: Mon Jul 14 00:59:59 BST 2014]
Subject CN=Pegasystems Inc.,
OU=Engineering,
OU=Digital ID Class 3 - Java Object Signing,
O=Pegasystems Inc.,
L=Cambridge,
ST=Massachusetts,
C=US
Signature 0000: A7 FF CD 04 86 67 87 61 9F FE 19 BD 30 44 FB C8 .....g.a....0D..
0010: C2 5C 2E FD A7 C8 98 EB 1E 23 8B 68 91 91 60 24 .\.......#.h..`$
0020: 1C 41 E3 A5 D9 57 37 98 73 72 BE 61 87 2B 8F 9A .A...W7.sr.a.+..
0030: D1 9E E3 77 9B 56 83 F1 48 79 02 CC 5E AE 2B DF ...w.V..Hy..^.+.
0040: CC B9 08 08 F7 EF 98 BC D0 27 44 C0 F8 CD 87 D0 .........'D.....
0050: E0 95 5E A9 1F 80 0E 02 DD BF 54 03 79 8C CD 9A ..^.......T.y...
0060: 0F 18 8B 07 2F A5 11 4E 0D 43 0E CA 60 0D D4 4D ..../..N.C..`..M
0070: 7E 16 F3 FB CA F1 68 40 95 92 CC 31 F9 13 53 6D [email protected]
0080: 91 50 C9 08 7F 03 11 78 88 C8 96 24 F5 34 D6 56 .P.....x...$.4.V
0090: 74 BC 65 02 45 C5 03 A0 43 1D 0A DD 48 F7 62 EF t.e.E...C...H.b.
00A0: 1D 46 87 AA 00 C8 94 A6 16 D2 7E 9D 7E 91 3C C3 .F............<.
00B0: 11 4B 79 6C A9 C3 C4 F3 C9 42 76 37 8A F4 E7 C9 .Kyl.....Bv7....
00C0: D5 33 68 D0 01 F5 8F 24 D4 6E 68 3C A9 FD 3A DF .3h....$.nh<..:.
00D0: 08 6D 49 F1 4C 94 CA A9 08 9D 25 37 BF 56 21 38 .mI.L.....%7.V!8
00E0: 73 4F 9D AF 28 C5 35 DC 43 60 FA F9 80 1A 00 36 sO..(.5.C`.....6
00F0: CE 67 30 0D 7B 46 E9 11 06 E6 19 67 DA 7A A7 2F .g0..F.....g.z./
MD5 Fingerprint D7:5E:A7:65:30:DD:33:64:4B:85:CA:D4:45:9C:5B:56
SHA1 Fingerprint 58:5B:A8:29:46:DD:2D:82:37:37:2C:4C:42:E8:8D:DF:19:42:17:70
//

Steps to Reproduce



Ensuring Java Browser Plugin is enabled:

1. Install CPM + CPM Sample DB.
2. Log in as 'cacsr' (or 'camanager') using Chrome or Firefox (not IE).

The message "Your security settings have blocked an application signed with an expired or not-yet-valid" will appear and the Java Applet will be blocked from running.

The following screenshots how the situation before and after the HFIX has been applied.









Resolution



Install HFIX-10091. This is a NOT an PRPC core HFIX - it is a ZIP file which contains rules which be imported directly from the Developer Portal.
It may be necessary to clear your browser cache after installing this HFIX.

The following screenshots show the installation of HFIX-10091: (NOTE: EXTRACT THE HFIX-10091.JAR from within the HFIX-10091.zip first!)











The following screenshot show the issue has been fixed after HFIX-10091 has been installed.






ROOT CAUSE


The JAR file "pegachanneldesktopapplet.jar " is signed with a digital signature: this signature has expired and the JAR need to be replaced with a newly signed one from Pega.



 

Tags:

Pega Customer Service

Published January 31, 2016 - Updated December 2, 2021

Was this useful?

100% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Collaboration Center

Did you find this content helpful?

Yes
No

Want to help us improve this content?
Suggest an edit

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us