This discussion is archived
8 Replies Latest reply: Jun 13, 2012 5:04 PM by EJP RSS

Have problem in certification

927491 Newbie
Currently Being Moderated
I have generated the keystore and its inner key. Then I have my signed java applet. But each time I start my jnlp applet I can see the Internet browser security Warning dialog. When the application server and the client machine are in the same network , in the dialog box shows "Publisher: MyCompanyName "but when we access the application form the internet,it shows that "Publisher: UNKNOWN".

Anyone could let me know what the cause of this problem.Any help would be greatly appreciated.
  • 1. Re: Have problem in certification
    927491 Newbie
    Currently Being Moderated
    Hm...nobody want to answer this question.
    Is this means that this problem cannot be resolved by anyone?
    I'm disappointed.. sigh
  • 2. Re: Have problem in certification
    EJP Guru
    Currently Being Moderated
    I have generated the keystore and its inner key.
    Do you mean its private key?
    Then I have my signed java applet.
    Whoa. There are several steps missing here.

    1. You need to generate a certificate from that key: either a self-signed certificate, which will only work where the clients trust it, or a CA-signed certificate, which will work anyway. To do either see the JSSE Reference Guide. I strongly recommend you spend the money for a CA-signed certificate. Then the problems you describe will disappear.

    2. Having completed all of (1), you then sign the JAR file with that private key.
  • 3. Re: Have problem in certification
    927491 Newbie
    Currently Being Moderated
    You need to generate a certificate from that key: either a self-signed certificate, which will only work where the clients trust it, or a CA-signed certificate, which will work anyway.
    Do you mean that the self-signed certificate would show the correct publisher name (MyCompanyNAme) if the client and the server is in the same network?. So in order to access the application from the internet must we need CA-signed certificate?

    Edited by: 924488 on Apr 4, 2012 12:48 AM
  • 4. Re: Have problem in certification
    EJP Guru
    Currently Being Moderated
    Do you mean that the self-signed certificate would show that correct publisher name (MyCompanyNAme) if the client and the server is in the same network?
    That's what you said already happens. According to your post the problem is over the internet, not in the LAN.

    So I don't understand the question.
  • 5. Re: Have problem in certification
    892952 Newbie
    Currently Being Moderated
    This is by design, we will display "Unknown" publisher for all the self-signed certificate, the reason is that self-signed certificate is unsafe and can be created by anyone, we strongly suggest you are using a real certificate which issued by a trusted CA, then it will display the correct publisher name on security dialog box.
  • 6. Re: Have problem in certification
    943411 Newbie
    Currently Being Moderated
    When you say - "This is by design" - Oracle's design - ?
    - Is this mentioned in the Java Specification somewhere?
    - Can you please provide me a link that officially states this fact?
    - This was not true in Java 1.5 and is a change in 6 and is an issue for us.
  • 7. Re: Have problem in certification
    817264 Journeyer
    Currently Being Moderated
    See http://www.java.com/en/download/faq/self_signed.xml
  • 8. Re: Have problem in certification
    EJP Guru
    Currently Being Moderated
    I would have to agree that saying 'Unknown publisher' is more accurate than saying whatever it says in the certificate. There is no reason to believe what the certificate says unless it is signed by a CA.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points