themuppeteer
asked on
Certificate not saved when self-signed applet is loaded
I've got a java applet. (Java 1.4.2)
It is a self-signed applet.
When the applet is loaded in IE/Firefox, the popup with 'do you accept this certificate' is shown, we select 'always' but the java certificate is not saved. In the control panel->java->security->cer tificates we don't see it ,and the applet doesn't load. We see a red cross in the upper left corner.
The certificate is not expired (freshly made).
the html is cgi generated and looks more or less like this (I modified it a bit to put it online):
<applet code="my.class" ARCHIVE="//10.2.1.10//appl et//myjar. jar" width="536" height="402"><param name="cache_option" value="browser"\><param name="cache_archive" value="myprogram"\><param name=PORT value=5900><param name="HOST" value="10.2.1.10"\></apple t>
The certificate is made on windows xp like this:
keytool -genkey -keystore myprogram_keystore -keyalg RSA -keysize 2048 -alias myprogram -validity 3515
we build the jar with an ant script :
<signjar keystore="./myprogram_keys tore" storepass="blablabla" jar="${lib}/${jarname}" alias="myprogram" />
This is extremely urgent as the software should be released today :( , so please everybody who knows something that might be useful, shoot.
Thanks,
themuppeteer
It is a self-signed applet.
When the applet is loaded in IE/Firefox, the popup with 'do you accept this certificate' is shown, we select 'always' but the java certificate is not saved. In the control panel->java->security->cer
The certificate is not expired (freshly made).
the html is cgi generated and looks more or less like this (I modified it a bit to put it online):
<applet code="my.class" ARCHIVE="//10.2.1.10//appl
The certificate is made on windows xp like this:
keytool -genkey -keystore myprogram_keystore -keyalg RSA -keysize 2048 -alias myprogram -validity 3515
we build the jar with an ant script :
<signjar keystore="./myprogram_keys
This is extremely urgent as the software should be released today :( , so please everybody who knows something that might be useful, shoot.
Thanks,
themuppeteer
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>java.awt.AWTPermission createRobot
probably you use this permission (AwtPermission) and it is not on granted by the signed applet.
probably you use this permission (AwtPermission) and it is not on granted by the signed applet.
ASKER
Hi Giant2, thanks for answering.
If we create the certificate with DSA instead of RSA, it works.
keytool -genkey -keystore dsa.keystore -keyalg DSA -alias myprogram -validity 3515
Any idea why DSA works and RSA doesn't ? or could the 'keysize' be an issue ?
If we create the certificate with DSA instead of RSA, it works.
keytool -genkey -keystore dsa.keystore -keyalg DSA -alias myprogram -validity 3515
Any idea why DSA works and RSA doesn't ? or could the 'keysize' be an issue ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Any reason for the B grade? You can ask for more clarification if you want.
ASKER
well, yes. I never really got an answer on the question, the problem has not really been solved. we just avoided it with DSA instead of RSA. Giant2 stopped responding, and your answer was informative but did not solve the problem.
I was actually searching for an option to give you guys points for the effort without having to chose an "accepted answer".
Best regards,
themuppeteer
I was actually searching for an option to give you guys points for the effort without having to chose an "accepted answer".
Best regards,
themuppeteer
>> or could the 'keysize' be an issue ?
That is what I essentialy wished to justify. The key-size of both is different
That is what I essentialy wished to justify. The key-size of both is different
ASKER
We tried with the same keysizes for DSA and RSA but the result was the same.
I'm sure it is just me not knowing any of this key stuff, but I couldn't find any 'way to go', or something to try in of your answer. And because we had to deliver that day, I didn't go in on that any further and we went for DSA and delivered...
I'm sure it is just me not knowing any of this key stuff, but I couldn't find any 'way to go', or something to try in of your answer. And because we had to deliver that day, I didn't go in on that any further and we went for DSA and delivered...
>> We tried with the same keysizes for DSA and RSA but the result was the same
Should be because they are different algorithms.
Should be because they are different algorithms.
ASKER
java.security.AccessContro
at java.security.AccessContro
at java.security.AccessContro
at java.lang.SecurityManager.
at java.awt.Robot.checkRobotA
at java.awt.Robot.init(Unknow
at java.awt.Robot.<init>(Unkn
at com.barco.scn.PointerCompo
at com.barco.scn.PointerCompo
at com.barco.scn.RemotePointe
at sun.applet.AppletPanel.run
at java.lang.Thread.run(Unkno
Something else; When we create a html page locally,and load the applet we do not get the error, and everything works fine.