0 Replies Latest reply: Jun 29, 2011 8:39 AM by Yann39 RSS

    Signed applet still show security warning

    Yann39
      Hi,

      from an intranet web application, I am trying to run a signed applet to access client side files, without having to tell the user to do anything on his computer.
      Runing a self-signed applet works of course, but it always shows a warning message to the user. I read that to avoid this warning message, I need to sign my applet using a certificate issued by a real Certification Authority.

      So here is how I proceeded :

      - I wrote the applet that only contains a function that is called from javascript (so embedded in an AccessController).
      - I requested a certificate (to sign my jar file) to a Certification Authority.
      - They provide me a link to install the certificte into Firefox, then I exported it as a .p12 file.
      - I successfully sign my jar file using jarsigner and the .p12 file.

      In IE 8, the signature is verified, I get
      The application's digital signature has been verified. Do you want to run the application?
      Name : MyAppletName
      Publisher : MyName
      From: MyHost.ch
      But in Firefox 5 and Chrome 12, I still get the warning message :
      The application's digital signature cannot be verified. Do you want to run the application?
      Name : MyAppletName
      Publisher : UNKNOWN
      From : MyHost.ch
      Certificates (root and intermediate) are in Firefox and Chrome certificate store.

      If I import the certificate in the Java certificate store (using JRE control panel -> Security -> Certificates... -> Import), it works perfectly in all browsers without showing a message.

      So I don't understand exactly how it works, if anyone can tell me how I can make this warning message disappear, without having to import the certificate in the Java certificate store manually.

      Thank you.

      Yann.