Reliance Web Client certificate validity

October 14, 2015 | Reliance SCADA

Beginning with version 4.6.1, the Web client's program files are signed with a digital certificate from a trusted certificate authority (Thawte) – see the article published in 2013. As of October 22, 2015, the certificate becomes invalid and
a problem with running the Web client may occur at the end user site. The problem may appear in projects running in version 4.6.1 or later up to 4.7.2 Pre-release, Rev. 26420. This article describes three ways of solving or avoiding the problem:


  • By installing version 4.7.2
  • By using the tool for replacing the Web client's program files
  • By customizing the settings through the Java Control Panel


Solution 1: Install version 4.7.2

This is the preferred solution. Reliance 4.7.2 Pre-release, Rev. 26506 or later already contains the program files of Reliance Web Client, which are signed with a new certificate. Besides, a timestamp from the certificate authority's server is added to the signature. This guarantees the validity of the signature even after the certificate expires. As a result, this situation will never be repeated. Reliance 4.7.2 Pre-release can be downloaded from the Reliance website's Members Section.


Warning: Once you upgrade to Reliance 4.7.2, you must reexport your project for remote users.



Solution 2: Use the tool for replacing the program files of the Web client

If for any reason you are unable to change over to version 4.7.2, use the tool designed to replace the program files of the Web client in a Reliance project. This tool will prompt the user to specify the path to the visualization project, identify the version of Reliance, and, subsequently, replace all exported files of the Web client with newly signed ones. Currently, you can fix projects that have been exported using the following official versions:


  • 4.6.1
  • 4.6.2
  • 4.6.2, Update 1
  • 4.6.2, Update 2
  • 4.6.2, Update 3
  • 4.6.3
  • 4.7.1
  • And some Pre-release versions

Re-sign Tool

The tool for replacing the Web client's program files is free to download by clicking the following button.


Download Re-sign Tool



Warning: The tool can only be used to fix the visualization project, not the installed Reliance system. This means that the project must always be fixed after it is exported for remote users. This solution is particularly suitable for applications running at the end user site (i.e., in situations when there is no need to change and, therefore, export the project for remote users). This solution has an advantage over solution 3 in that it is applied on the server side (it will automatically take effect on all computers running the Web client).



Solution 3: Customize the settings through the Java Control Panel

By customizing the settings through the Java Control Panel, you can manage to run the Web client as it is now. To do so, add the address of the server to the Exception Site List and disable checking certificate revocation. Follow these instructions:


  • Bring up the Java Control Panel.
  • On the Security page, click Edit Site List… to open the Exception Site List.

    Java Security

  • Click Add to add the address of Reliance's data server including the port number. More information can be found on this Web page.

    Java Exception Sitelist

  • Confirm the changes.
  • On the Advanced page, set the Perform signed code certificate revocation checks on property to
    Do not check (not recommended).

    Java Advanced

  • Save the changes.

Drawbacks:


  • The settings must be changed on all the computers on which the Web client is running.
  • Changing the settings (reducing security) affects other Java-based applications.

We recommend that you use solution 1 or 2.

Reliance Earth Icon

Top