[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 732
  • Last Modified:

Certificate not saved when self-signed applet is loaded

I've got a java applet. (Java 1.4.2)
It is a self-signed applet.
When the applet is loaded in IE/Firefox, the popup with 'do you accept this certificate' is shown, we select 'always' but the java certificate is not saved. In the control panel->java->security->certificates we don't see it ,and the applet doesn't load. We see a red cross in the upper left corner.
The certificate is not expired (freshly made).

the html is cgi generated and looks more or less like this (I modified it a bit to put it online):
<applet code="my.class" ARCHIVE="//10.2.1.10//applet//myjar.jar" width="536" height="402"><param name="cache_option" value="browser"\><param name="cache_archive" value="myprogram"\><param name=PORT value=5900><param name="HOST" value="10.2.1.10"\></applet>

The certificate is made on windows xp like this:
keytool -genkey -keystore myprogram_keystore -keyalg RSA -keysize 2048 -alias  myprogram -validity 3515

we build the jar with an ant script :
<signjar keystore="./myprogram_keystore" storepass="blablabla" jar="${lib}/${jarname}" alias="myprogram" />

This is extremely urgent as the software should be released today :( , so please everybody who knows something that might be useful, shoot.

Thanks,

themuppeteer
0
themuppeteer
Asked:
themuppeteer
  • 4
  • 4
  • 2
2 Solutions
 
themuppeteerAuthor Commented:
In the console, we get the following exception:

 java.security.AccessControlException: access denied (java.awt.AWTPermission createRobot)
      at java.security.AccessControlContext.checkPermission(Unknown Source)
      at java.security.AccessController.checkPermission(Unknown Source)
      at java.lang.SecurityManager.checkPermission(Unknown Source)
      at java.awt.Robot.checkRobotAllowed(Unknown Source)
      at java.awt.Robot.init(Unknown Source)
      at java.awt.Robot.<init>(Unknown Source)
      at com.barco.scn.PointerComponent.init(Unknown Source)
      at com.barco.scn.PointerComponent.<init>(Unknown Source)
      at com.barco.scn.RemotePointer.init(Unknown Source)
      at sun.applet.AppletPanel.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)

Something else; When we create a html  page locally,and load the applet we do not get the error, and everything works fine.

0
 
Giant2Commented:
Here you can find all about certificate:
http://mindprod.com/jgloss/certificate.html

If certificate is not downloaded, I believe the problem could be the right position of it.
0
 
Giant2Commented:
>java.awt.AWTPermission createRobot
probably you use this permission (AwtPermission) and it is not on granted by the signed applet.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
themuppeteerAuthor Commented:
Hi Giant2, thanks for answering.

If we create the certificate with DSA instead of RSA, it works.

keytool -genkey -keystore dsa.keystore -keyalg DSA -alias myprogram  -validity 3515

Any idea why DSA works and RSA doesn't ? or could the 'keysize' be an issue ?

0
 
Mayank SAssociate Director - Product EngineeringCommented:
DSA does not do encryption. It is only a signature algorithm. RSA does both encryption and signing, though modern RSA PGP keys (v4) are actually two RSA keys: one for signing only, and one for encryption only.
0
 
Mayank SAssociate Director - Product EngineeringCommented:
Any reason for the B grade? You can ask for more clarification if you want.
0
 
themuppeteerAuthor Commented:
well, yes. I never really got an answer on the question, the problem has not really been solved. we just avoided it with DSA instead of RSA. Giant2 stopped responding, and your answer was informative but did not solve the problem.
I was actually searching for an option to give you guys points for the effort without having to chose an "accepted answer".

Best regards,
themuppeteer
0
 
Mayank SAssociate Director - Product EngineeringCommented:
>> or could the 'keysize' be an issue ?

That is what I essentialy wished to justify. The key-size of both is different
0
 
themuppeteerAuthor Commented:
We tried with the same keysizes for DSA and RSA but the result was the same.
I'm sure it is just me not knowing any of this key stuff, but I couldn't find any 'way to go', or something to try in of your answer. And because we had to deliver that day, I didn't go in on that any further and we went for DSA and delivered...
0
 
Mayank SAssociate Director - Product EngineeringCommented:
>> We tried with the same keysizes for DSA and RSA but the result was the same

Should be because they are different algorithms.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now