• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 735
  • Last Modified:

Certificate not saved when self-signed applet is loaded

I've got a java applet. (Java 1.4.2)
It is a self-signed applet.
When the applet is loaded in IE/Firefox, the popup with 'do you accept this certificate' is shown, we select 'always' but the java certificate is not saved. In the control panel->java->security->certificates we don't see it ,and the applet doesn't load. We see a red cross in the upper left corner.
The certificate is not expired (freshly made).

the html is cgi generated and looks more or less like this (I modified it a bit to put it online):
<applet code="my.class" ARCHIVE="//10.2.1.10//applet//myjar.jar" width="536" height="402"><param name="cache_option" value="browser"\><param name="cache_archive" value="myprogram"\><param name=PORT value=5900><param name="HOST" value="10.2.1.10"\></applet>

The certificate is made on windows xp like this:
keytool -genkey -keystore myprogram_keystore -keyalg RSA -keysize 2048 -alias  myprogram -validity 3515

we build the jar with an ant script :
<signjar keystore="./myprogram_keystore" storepass="blablabla" jar="${lib}/${jarname}" alias="myprogram" />

This is extremely urgent as the software should be released today :( , so please everybody who knows something that might be useful, shoot.

Thanks,

themuppeteer
0
themuppeteer
Asked:
themuppeteer
  • 4
  • 4
  • 2
2 Solutions
 
themuppeteerAuthor Commented:
In the console, we get the following exception:

 java.security.AccessControlException: access denied (java.awt.AWTPermission createRobot)
      at java.security.AccessControlContext.checkPermission(Unknown Source)
      at java.security.AccessController.checkPermission(Unknown Source)
      at java.lang.SecurityManager.checkPermission(Unknown Source)
      at java.awt.Robot.checkRobotAllowed(Unknown Source)
      at java.awt.Robot.init(Unknown Source)
      at java.awt.Robot.<init>(Unknown Source)
      at com.barco.scn.PointerComponent.init(Unknown Source)
      at com.barco.scn.PointerComponent.<init>(Unknown Source)
      at com.barco.scn.RemotePointer.init(Unknown Source)
      at sun.applet.AppletPanel.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)

Something else; When we create a html  page locally,and load the applet we do not get the error, and everything works fine.

0
 
Giant2Commented:
Here you can find all about certificate:
http://mindprod.com/jgloss/certificate.html

If certificate is not downloaded, I believe the problem could be the right position of it.
0
 
Giant2Commented:
>java.awt.AWTPermission createRobot
probably you use this permission (AwtPermission) and it is not on granted by the signed applet.
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
themuppeteerAuthor Commented:
Hi Giant2, thanks for answering.

If we create the certificate with DSA instead of RSA, it works.

keytool -genkey -keystore dsa.keystore -keyalg DSA -alias myprogram  -validity 3515

Any idea why DSA works and RSA doesn't ? or could the 'keysize' be an issue ?

0
 
Mayank SAssociate Director - Product EngineeringCommented:
DSA does not do encryption. It is only a signature algorithm. RSA does both encryption and signing, though modern RSA PGP keys (v4) are actually two RSA keys: one for signing only, and one for encryption only.
0
 
Mayank SAssociate Director - Product EngineeringCommented:
Any reason for the B grade? You can ask for more clarification if you want.
0
 
themuppeteerAuthor Commented:
well, yes. I never really got an answer on the question, the problem has not really been solved. we just avoided it with DSA instead of RSA. Giant2 stopped responding, and your answer was informative but did not solve the problem.
I was actually searching for an option to give you guys points for the effort without having to chose an "accepted answer".

Best regards,
themuppeteer
0
 
Mayank SAssociate Director - Product EngineeringCommented:
>> or could the 'keysize' be an issue ?

That is what I essentialy wished to justify. The key-size of both is different
0
 
themuppeteerAuthor Commented:
We tried with the same keysizes for DSA and RSA but the result was the same.
I'm sure it is just me not knowing any of this key stuff, but I couldn't find any 'way to go', or something to try in of your answer. And because we had to deliver that day, I didn't go in on that any further and we went for DSA and delivered...
0
 
Mayank SAssociate Director - Product EngineeringCommented:
>> We tried with the same keysizes for DSA and RSA but the result was the same

Should be because they are different algorithms.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

  • 4
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now