This discussion is archived
1 Reply Latest reply: Dec 4, 2013 11:30 PM by 9a7d8fdf-b78c-4088-be75-dfb679c86099 RSS

Webstart HTTPS Certificate Validation

9a7d8fdf-b78c-4088-be75-dfb679c86099 Newbie
Currently Being Moderated

We have a webstart application that downloads jars in 2 parts: 1) Jars are downloaded as part of webstart framework 2) Additional jars are downloaded when jnlp runs the main class of the application

We decided to download the jars over HTTPS. I changed the jnlp to download the jars over HTTPS and this triggers webstart framework that checks the server certificate. If the certificate is self-signed it pops up a warning to the user to approve or decline the connection. If the user declines the connection, the jars won't download but if they were downloaded before and appear in the java cache, then the application will be run from the cache. I am having a problem with part 2), where we download jars NOT as part of the webstart framework. At this point, I don't know if the user approved the certificate or declined.

The best behavior that I would like to get is that if user declines the connection, I would like the application to not run at all or to fail at the second phase.

How can I achieve that? Is there a way to determine if the user accepted the certificate or declined it?

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points