AnsweredAssumed Answered

Eclipse Update Site - expired certificate

Question asked by krulls on May 13, 2015
Latest reply on May 19, 2015 by krulls
Hello activiti team,

recently I tried to use the activiti designer plugin for Eclipse. I followed the guide:
http://www.activiti.org/userguide/#eclipseDesignerInstallation or
http://docs.alfresco.com/4.1/tasks/wf-install-activiti-designer.html

this is the according update site: http://activiti.org/designer/update/

but our infrastructure refuses to download the necessary (JAR) files because of expired end certificates.

here is the explicit message: "[JSCAN] End certificate expired: File blocked" that I get when trying to download i. e. http://activiti.org/designer/update/plugins/org.eclipse.graphiti.pattern_0.10.1.v20130918-0838.jar

I guess this is related to the following statement from http://docs.oracle.com/javase/7/docs/technotes/guides/security/time-of-signing.html:

"Because signing certificates typically expire annually, this caused customers significant problems by forcing them to re-sign deployed JAR files annually."

our infrastructure provider uses the software IWSVA from TrendMicro (https://esupport.trendmicro.com/en-us/business/pages/technical-support/interscan-web-security-virtual-appliance-support.aspx) to validate Java artifacts. See
https://docs.trendmicro.com/all/ent/iwsva/v5.5/en-us/iwsva_5.5_olh/create_an_applet_and_activex_security_policy.htm and
https://docs.trendmicro.com/all/ent/iwsva/v5.5/en-us/iwsva_5.5_olh/mmc_policy_java.htm

the question is: do you have to provide a (new) valid eclipse plugin update site? or do I have to inspect and check the IWSVA for outdated routines of checking Java artifacts?

kind regards

stephan krull
ecg-leipzig.de

Outcomes