Digital Alert Systems, a provider of emergency communications products for video services providers, has released an important update of Federal Emergency Management Agency (FEMA) digital certificates used to authenticate messaging from the Integrated Public Alert and Warning System (IPAWS).
The company has released updated IPAWS Certificate Authority (CA) credentials for the DASDEC and One-Net series of Emergency Alert System/Common Alerting Protocol (EAS/CAP) encoder/decoders.
They replace a certificate in the current certification chain that will expire on August 21.
All U.S. DASDEC and One-Net users are advised to replace the soon-to-expire certificate to ensure the required message authentication continues to operate properly. Digital Alert Systems reminds all EAS participants the FCC requires them to “configure their systems to reject all CAP-formatted EAS messages that include an invalid digital signature.”
Digital certificates, called CAs, are used by FEMA to create a chain of trust between an EAS device and the IPAWS servers. The DASDEC and One-Net EAS/CAP devices use these special digital certificates to validate the authenticity of IPAWS-sourced CAP alerts. These certificates are designed to expire on a specific date and time, requiring the issuing authority to publish new certificates as replacements.
All DASDEC and One-Net customers using the IPAWS system must have the latest certificates in place so only messages authenticated through IPAWS are processed. IPAWS users who do not update their equipment before Aug. 21 could see this error message: “Event Log: Digital Signature VERIFICATION ERROR: Signer UNTRUSTED! Check for correct CAP decoder CA file.” Alternatively, the device might simply ignore valid IPAWS alerts.
The new field service bulletin and CA file are now available from the Digital Alert Systems website. DASDEC and One-Net customers should go to the website, download the field service bulletin for instructions, and link to the new CA file.