This content has been marked as final. Show 8 replies
Hm...nobody want to answer this question.
Is this means that this problem cannot be resolved by anyone?
I'm disappointed.. sigh
I have generated the keystore and its inner key.Do you mean its private key?
Then I have my signed java applet.Whoa. There are several steps missing here.
1. You need to generate a certificate from that key: either a self-signed certificate, which will only work where the clients trust it, or a CA-signed certificate, which will work anyway. To do either see the JSSE Reference Guide. I strongly recommend you spend the money for a CA-signed certificate. Then the problems you describe will disappear.
2. Having completed all of (1), you then sign the JAR file with that private key.
You need to generate a certificate from that key: either a self-signed certificate, which will only work where the clients trust it, or a CA-signed certificate, which will work anyway.Do you mean that the self-signed certificate would show the correct publisher name (MyCompanyNAme) if the client and the server is in the same network?. So in order to access the application from the internet must we need CA-signed certificate?
Edited by: 924488 on Apr 4, 2012 12:48 AM
Do you mean that the self-signed certificate would show that correct publisher name (MyCompanyNAme) if the client and the server is in the same network?That's what you said already happens. According to your post the problem is over the internet, not in the LAN.
So I don't understand the question.
This is by design, we will display "Unknown" publisher for all the self-signed certificate, the reason is that self-signed certificate is unsafe and can be created by anyone, we strongly suggest you are using a real certificate which issued by a trusted CA, then it will display the correct publisher name on security dialog box.
When you say - "This is by design" - Oracle's design - ?
- Is this mentioned in the Java Specification somewhere?
- Can you please provide me a link that officially states this fact?
- This was not true in Java 1.5 and is a change in 6 and is an issue for us.
I would have to agree that saying 'Unknown publisher' is more accurate than saying whatever it says in the certificate. There is no reason to believe what the certificate says unless it is signed by a CA.