Products | Versions |
---|---|
Spotfire | All |
When working with Mods in Spotfire, users may encounter different certificate verification statuses, specifically "Verified with root certificate from: N/A - Verified by pinned certificate" and "Verified with root certificate from: Windows certificate store."
This distinction is crucial for understanding how Mods are secured and how they behave, especially in environments without internet access.
Mods displaying "Verified with root certificate from: N/A - Verified by pinned certificate" are signed by certificates that are pre-installed or "pinned" within the Spotfire product itself. These are typically the same certificates used to sign "Data Science Mods."
The key characteristic of pinned certificates is that they allow the Mod to bypass the standard certificate verification process. The Mod's signature is checked against the certificate shipped inside Spotfire, so Spotfire does not need to connect to external certificate authorities or rely on the operating system's certificate store to validate the Mod's authenticity. This makes pinned certificates particularly suitable for environments where Spotfire Server or Web Player servers do not have internet access, as the verification can occur entirely offline.
In contrast, Mods that show "Verified with root certificate from: Windows certificate store" rely on the operating system's built-in certificate management for verification. This process typically involves checking the certificate chain against trusted root certificates present in the Windows certificate store. For this verification to succeed, the system often needs to reach out to online certificate authorities (CAs) to confirm the validity and revocation status of the certificates.
This dependency on external verification makes Mods signed with Windows certificate store roots less ideal for offline environments. If the Spotfire Server or Web Player server lacks internet access, the verification process may fail, potentially preventing the Mod from being loaded or used.
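To see whether this offline failure applies to a given signer certificate, the following added example (not Spotfire's own code) runs Windows chain validation on the server with and without an online revocation check. It assumes the Mod signer's certificate has been exported to a file; the path `C:\temp\mod-signer.cer` and the function name `Test-SignerChain` are hypothetical, and the check uses the general .NET chain API rather than Spotfire's internal verification.

```powershell
# Added example: how Windows chain validation treats a signer certificate.
# Test-SignerChain and the .cer path below are hypothetical names.
function Test-SignerChain {
    param(
        [Parameter(Mandatory)] [string] $CertPath,
        [ValidateSet('Online', 'Offline', 'NoCheck')] [string] $Revocation = 'Online'
    )
    $x509  = 'System.Security.Cryptography.X509Certificates'
    $cert  = New-Object "$x509.X509Certificate2" $CertPath
    $chain = New-Object "$x509.X509Chain"

    # Online: fetch CRL/OCSP from the CA. NoCheck: trust decision only.
    $chain.ChainPolicy.RevocationMode      = $Revocation
    $chain.ChainPolicy.RevocationFlag      = 'ExcludeRoot'
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)

    $valid = $chain.Build($cert)

    # The last chain element is the root the chain was anchored to, if any.
    $root = $null
    if ($chain.ChainElements.Count -gt 0) {
        $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    }

    [pscustomobject]@{
        RevocationMode = $Revocation
        ChainValid     = $valid
        Root           = if ($root) { $root.Subject } else { '' }
        RootThumbprint = if ($root) { $root.Thumbprint } else { '' }
        Status         = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Run both modes on the Spotfire Server / Web Player host and compare.
$path = 'C:\temp\mod-signer.cer'   # hypothetical export of the signer certificate
'Online', 'NoCheck' | ForEach-Object {
    Test-SignerChain -CertPath $path -Revocation $_
} | Format-List
```

If `NoCheck` reports `ChainValid = True` while `Online` fails with `RevocationStatusUnknown` or `OfflineRevocation`, the root is trusted locally and only the revocation lookup cannot reach the CA. A status of `UntrustedRoot` or `PartialChain` in both modes means the root or an intermediate certificate is missing from the Windows certificate store.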
The desire to achieve "Verified with root certificate from: N/A - Verified by pinned certificate" stems from the benefits of offline verification. However, it's important to understand that this status cannot be arbitrarily assigned to any Mod.
"If a mod isn't signed by such a certificate, there's no way to turn it into a pinned certificate."
This implies that if a Mod is not inherently signed by a certificate that Spotfire recognizes as pinned, there is no workaround or configuration change that can force it to be verified as such.
This article details Mod certificate verification in Spotfire, specifically comparing pinned certificates with certificates verified through the Windows certificate store.