Avocent/Emerson has released new firmware that fixes the missing permission attribute on the JAR file manifest. They now have a new certificate (that has NOT expired).
However, since certificates are really tied to an I.P. address, Avocent should really allow users to upload their own certificates, which would keep browsers from complaining about mismatches between the name on the certificate and the DNS name of your KVM.