This discussion is archived
3 Replies Latest reply: Feb 23, 2012 5:28 AM by AllassoTravesser RSS

self-signed applet: "always trust" not recognized/remembered on Mac 10.7

AllassoTravesser Newbie
Currently Being Moderated
Hello,

I have posted this problem on some Mac forums, but after being met with silence, I decided I would turn to the Java community to see if I could find an answer:

I have developed a website archive which is privately distributed as a stand alone archive to be run locally on the user's computer (no server). It uses Lucene search engine (Java) to search the archive; the search API/applet is packaged in a jar file and the jarfile/applet is self-signed.

In order to do the search, a self-signed certificate is created for the search applet, since the files in the archive it is searching are on the user's hard drive. After the initial installation of the archive, and upon the first search initiated, the security window pops up asking the user permission for the user to run the applet.

The problem lies here:

With Windows and all versions of Mac OS X prior to 10.7 (Lion), the user can check "always trust" (or similar), and from then on, subsequent searches are carried out without prompting the user to accept the certificate (even after restarting the browser application)

However, on Lion, the user can run the applet only once, and will continue to get a security prompt on every search afterwards, even though "always trust" is checked. Not only that, often the user gets three prompts in a row before the applet will run (it actually works better to NOT check "always trust", where you will only get one prompt).

This behaviour occurs whether using Firefox or Safari, so it is apparent this is System related, not a browser issue.

I attempted to manually import the certificate both into the Keychain Access, and also into Authorities under Firefox's certificate manager (see http://www.clintharris.net/2009/self-signed-certificates/). This however was not successful.

Some possibilities I have considered are: There is no publisher name for a self-signed cert (though this never was a problem before). As far as importing the certificate, could it be that because the archive is local (url = file://) that it won't recognize it?

Does anyone know what is happening here, or can suggest a work-around for this (besides paying for a "trusted" CA). Everything worked just hunky-dory -- until Lion...

Thank you kindly,

Allasso Travesser

Edited by: 915664 on Feb 20, 2012 6:32 AM

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points