This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Applets and the fly likes Signed Applet still generates error Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Applets
Bookmark "Signed Applet still generates error" Watch "Signed Applet still generates error" New topic
Author

Signed Applet still generates error

Pat Peg
Ranch Hand

Joined: Feb 04, 2005
Posts: 194
I signed the Jar file using jarsigner and redeployed. On my development environment I got a warning sign saying that the certificate was from me and asked if I wanted to trust it. After accepting, the applet worked fine and I get no more yellow warning signs nor am I prompted to trust it each time.

This morning I deploy the same jar on our production environment.



I log in and I get

"The published cannot be verified by a trusted source. Code will be treated as unsigned."
"sun.security.validator.ValidatorException.PKIX path validation failed:"
"java.security.cert.CertPathValidatorException: algorithm, check failed: MD2withRSA is disabled"

I click OK and the problem is not fixed. This is a different error message then what I got on development so I am not sure what the difference is or what the nature of the new error problem is.

Could someone give me some ideas as to what I need to check? I do not directly maintain our production and development environments so I am not sure what is different between them. I was told that development is an exact copy of production but I am thinking it is not.

Thanks
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41137
    
  45
MD2 is no longer considered cryptologically secure, so it has been disabled in one of the JRE 6 updates. The workaround is to use certificates that were created using algorithms that are still considered secure. Look for the documentation of keytool's -keyalg and -sigalg parameters; they should mention what else is available.


Ping & DNS - my free Android networking tools app
Pat Peg
Ranch Hand

Joined: Feb 04, 2005
Posts: 194
Thanks-yea that looks like what my research is telling me. The problem is that my employer does not want to pay for a certificate. The one I used was self generated. It looks like you can not get around this with a self generated certificate-is that correct?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41137
    
  45
Self-signed vs. commercial has nothing to do with which algorithm is used to generate it. Did you check out what options keytool supports for the sigalg parameter?
Pat Peg
Ranch Hand

Joined: Feb 04, 2005
Posts: 194
OK-thanks. That actually helped a lot. I am sure I will have 10,000 more questions before its over.

I'll post it as separate questions,

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Signed Applet still generates error
 
Similar Threads
Wrestling with access control security
Signed applet throws security exceptions
An Applet to contact a different server than it was downloaded from?
Maven repository maintenance
Self signing JAR works but one issue