This discussion is archived
0 Replies Latest reply: Jun 29, 2011 6:39 AM by Yann39 RSS

Signed applet still show security warning

Yann39 Journeyer
Currently Being Moderated
Hi,

from an intranet web application, I am trying to run a signed applet to access client side files, without having to tell the user to do anything on his computer.
Runing a self-signed applet works of course, but it always shows a warning message to the user. I read that to avoid this warning message, I need to sign my applet using a certificate issued by a real Certification Authority.

So here is how I proceeded :

- I wrote the applet that only contains a function that is called from javascript (so embedded in an AccessController).
- I requested a certificate (to sign my jar file) to a Certification Authority.
- They provide me a link to install the certificte into Firefox, then I exported it as a .p12 file.
- I successfully sign my jar file using jarsigner and the .p12 file.

In IE 8, the signature is verified, I get
The application's digital signature has been verified. Do you want to run the application?
Name : MyAppletName
Publisher : MyName
From: MyHost.ch
But in Firefox 5 and Chrome 12, I still get the warning message :
The application's digital signature cannot be verified. Do you want to run the application?
Name : MyAppletName
Publisher : UNKNOWN
From : MyHost.ch
Certificates (root and intermediate) are in Firefox and Chrome certificate store.

If I import the certificate in the Java certificate store (using JRE control panel -> Security -> Certificates... -> Import), it works perfectly in all browsers without showing a message.

So I don't understand exactly how it works, if anyone can tell me how I can make this warning message disappear, without having to import the certificate in the Java certificate store manually.

Thank you.

Yann.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points