Mod's certificate is still considered valid after code signing certificate is revoked until Analyst/Web Player server is restarted.
Steps to reproduce
(1) Use a Spotfire account to develop and sign a mod, save it to the library, create a visualization from it and save the dxp.
(2) Log in with another account and trust the mod.
(3) Revoke the Spotfire account's code signing certificate used in step (1).
(4) The mod's signature is still considered valid after the code signing certificate is revoked until the Analyst/Web Player server is restarted.
I think it is reasonable that the mod's signature should be considered invalid as soon as the certificate is revoked.
Also, if the customer doesn't know about the necessity of a service restart and keeps it running for a long period, the revocation doesn't actually take any effect; this is a huge security vulnerability.
The product documentation doesn't mention this behavior at all.
Hi Magnus,
Thanks.
That makes sense.
Please close this.
The reason for this behavior is that the revocation status is cached in the web player service. The cache entries expire, so the certificate revocation will take effect eventually.
The expiration time is determined by the OCSP response from the certificate authority (CA) according to the standard. The Spotfire server is the CA for certificates that are issued to Spotfire users. It is possible to control the cache expiration time in the Spotfire server using the setting "security.ca.ocsp.response-valid-for-seconds". It is currently not possible to override the expiration time given by a third-party CA.
Finally, note that an existing analysis session is not affected by a certificate revocation. This is "as designed" and is consistent with other applications that rely on certificate verification.
This was first filed as support case 02093518 but determined as an ER.
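The caching behavior described in the reply above can be modeled in a few lines. This is an added example, not Spotfire code: the class and function names are hypothetical, the validity values are constructed, and it assumes the response was cached no later than the revocation. It shows how the validity period the CA puts in its OCSP response bounds the time a revoked signing certificate is still reported as good, and why a restart (an empty cache) makes the revocation visible at once.

```python
from dataclasses import dataclass

@dataclass
class OcspResponse:
    status: str          # "good" or "revoked"
    next_update: float   # time (s) until which the responder vouches for status

class ToyResponder:
    """Hypothetical stand-in for the CA's OCSP responder."""
    def __init__(self, valid_for_seconds):
        self.valid_for_seconds = valid_for_seconds
        self.revoked = set()

    def query(self, serial, now):
        status = "revoked" if serial in self.revoked else "good"
        return OcspResponse(status, now + self.valid_for_seconds)

class RevocationCache:
    """Relying-party cache: reuses a response until its next_update passes."""
    def __init__(self, responder):
        self.responder = responder
        self.entries = {}

    def status(self, serial, now):
        hit = self.entries.get(serial)
        if hit is None or now >= hit.next_update:
            hit = self.entries[serial] = self.responder.query(serial, now)
        return hit.status

    def restart(self):
        self.entries.clear()   # a service restart drops every cached response

def exposure_window(valid_for_seconds, cached_at, revoked_at):
    """Seconds after revocation during which the cache still answers 'good'."""
    responder = ToyResponder(valid_for_seconds)
    cache = RevocationCache(responder)
    cache.status("signer-cert", cached_at)   # mod trusted, response cached
    responder.revoked.add("signer-cert")     # certificate revoked at revoked_at
    t = revoked_at
    while cache.status("signer-cert", t) == "good":
        t += 1
    return t - revoked_at

def status_after_restart(valid_for_seconds):
    """Cached status just after revocation, then the status after a restart."""
    responder = ToyResponder(valid_for_seconds)
    cache = RevocationCache(responder)
    cache.status("signer-cert", 0)
    responder.revoked.add("signer-cert")
    stale = cache.status("signer-cert", 1)
    cache.restart()
    return stale, cache.status("signer-cert", 1)
```

The worst case is a revocation issued immediately after a response was cached, where the window equals the full validity period; a shorter validity shrinks that window at the cost of more OCSP queries.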