LYNDONVILLE, N.Y. — As providers of Emergency Alert System/Common Alerting Protocol equipment, Monroe Electronics — and its Digital Alert Systems subsidiary — are advising users of their OneNet and DASDEC EAS/CAP systems to download the latest Integrated Public Alert and Warning System Certificate Authority (CA) credentials file.
Users must install these new digital CA credentials, recently issued by The Federal Emergency Management Agency — the administrator of IPAWS — in order to replace the previously issued version, which is set to expire on June 24.
Maintaining the most recent CA credentials is essential to ensuring that OneNet and DASDEC EAS/CAP encoders and decoders continue to operate properly. These devices use these digital certificates to validate the authenticity of IPAWS sourced Common Alerting Protocol alerts.
IPAWS users who fail to update their equipment before June 24 could see the error message: “Event Log: Digital Signature VERIFICATION ERROR : Signer UNTRUSTED! Check for correct CAP decoder CA file.;”
This is because FEMA uses digital CA certificates to create a “chain of trust between Emergency Alert System devices and the IPAWS servers.” According to FEMA IPAWS is an internet-based system that enables federal, state, and local authorities to issue critical public alerts and warnings. It’s accessed through software that meets IPAWS system requirements.
“We have been advised there will be several certificate and policy changes through the end of 2018 that will necessitate some certificate updates during this period,” said Ed Czarnecki, senior director of strategy and government affairs for Monroe Electronics and Digital Alert Systems.
Czarnecki added, “We’re constantly evaluating and updating our systems to stay in step with IPAWS, and since assisting customers is our top priority, we are actively working on new methods of managing government certificates with an improved path forward.”
All OneNet and DASDEC customers using the IPAWS system must have the latest digital certificates in place to assure the validity of the communications chain of trust, which prevents a “man in the middle” attack by only processing the messages that are authenticated through the IPAWS system.