0 Replies Latest reply: Feb 3, 2014 1:39 PM by 00de624f-8298-4161-9503-cb3a5d79d05c RSS

    Regardig JDK-8016771 : 7u25: warning dialogue still show up even all jar files are signed

    00de624f-8298-4161-9503-cb3a5d79d05c

      Hello,

       

      Firslty - I want to mention that I am brand new here. So, I am not sure if this is the right place to have this discussion - if it is not - kindly point me to the location where I should post it.

       

      My question is regrding the bug Regardig JDK-8016771 : 7u25: warning dialogue still show up even all jar files are signed.

       

      We had build a small java applet using jre 1.1.8. And it was very simple - we did not signed it and\or used any certificate. We were not concerend about it because that is a very small part in out software suit.

       

      Now - with the recent update (when customer updates to 1.7)  - the webpage can not be reached because the security feature.

       

      Now as suggested here

       

      http://bugs.sun.com/view_bug.do?bug_id=8016771

       

      We did do the following

       

         1) Create all index entries first; index.list

         2) Then try to sign all the jars

       

      So, this is waht we did -

       

      We only have one jar file  -> cyberchat.jar

       

      I downloaded the latest jdk 1.7 to use the jarsigner. After that inorder to index it I used the following command

       

      C:\jdk1.7.0_51\bin\jar -i C:\Working\CCS\Root\Source\Services\WebChat\CyberChat\Applet\CyberChat.jar

       

      That did not give me any error.

       

      Then in order to sign it with our certificate (cerificate used certify other exe and services) I used the following command

       

      C:\Program Files\Java\jdk1.7.0_51\bin>jarsigner -storetype pkcs12 -keystore "C:\Shared\SignTool\pfcert.pfx" "C:\Working\CCS\Root\Source\Services\WebChat\CyberCh

      at\Applet\cyberchat.src.jar" "le-973a7aac-c571-40e5-9d71-70e46b7277a0"

      Enter Passphrase for keystore:

       

      after enterting the keystore

      I get back the following message

       

      Warning:

      The signer's certificate chain is not validated.

      No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (201

      5-02-18) or after any future revocation date.

       

      Now, I am not worred about the timestamp warnig. But I think due to the cetificate chain warning - our users are still not able to access the web applet - because it is still being blocked.

       

      Now -  I was wondering if anyone could kindly tell me how could I get that warning go away.

       

      FYI - we do not want to compile our code against latest version of jre