Hi, I have a client (with a support contract) who is having an issue where they have a Java application that is not recognizing their PKI certificates or CA chains that are loaded into their browser. Instead, in order for the application to find the certificates and chains, they have to load them into the Java Control panel. The setting in the control panel (Advanced -> Security -> General) are set to "Use certificates and keys in browser keystore".
They are running this application on Solaris 10 Update 9, the browser is Firefox 3.6.9 (which we are trying to get them to upgrade to 3.6.16), and Java is 1.6.0_24. Is it possible that the application can be making an assumption of a different browser (i.e. InternetExplorer) and therefore not working?
The behaviour you are seeing is as expected. Your assumption is that the browser will use a certificate from its own certificate store which is normally true for both Firefox and IE, however your application is using an applet that is using the certificate from the local java keystore instead of the browser's native certificate store.