Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Signing .jar files for a Website

 
Aluker DeBrownti
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am currently trying to update a few java applets for a website. As of right now, the applets are automatically
blocked on all computers when they are accessed because the newest updates
for Java have caused them to be blocked. I have determined that the
solution to this is to resign the .jar files that are used to run the
application with a new certificate.

I requested and received a certificate (in pkcs 12 format, a .p12 file), imported it into
the computer, and used it to sign the .jar files. However, I have been
getting an error after signing the .jar files stating that the full
certificate chain of the code signing certificate is not valid.

I am not sure what to do from here. I've done a lot of internet
searching for a solution but haven't really found anything that applies to
our exact scenario. Prior to working on this project for work, I have never had any experience with this kind of thing
I contacted someone in the IT department at the University at which I work and he thought that maybe one of the intermediates within the certificate was either missing or illegitimate.
I tried to check the path of the certificate using a method he recommended (using OpenSSL) but didn't really find anything of use. Beyond that

Prior to this project, I had absolutely no knowledge of anything related to Java applets or web design. I would really appreciate any help you can offer me! I'd like to get the website operational as soon as possible!
 
Paul Clapham
Sheriff
Posts: 21107
32
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'd strongly suggest that you call the support line for the people who sold you the certificate and ask them what to do. (They charge you money, they should provide support.) As you say, you probably missed one step in the process. When I did that, there was something called something like "intermediate certificate" which I had to do something with -- but I don't remember what. Like you, signing jar files wasn't something I did every day.
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
https://www.ssllabs.com/ has a helpful and informative server test. Checking intermediate certificates is one of the many things it does.
 
Tony Docherty
Bartender
Posts: 2957
59
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
And Welcome to the Ranch
 
Aluker DeBrownti
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf Dittmer wrote:https://www.ssllabs.com/ has a helpful and informative server test. Checking intermediate certificates is one of the many things it does.


I tried out this website, but it told me "Assessment failed. No security protocols supported." ...I'm not quite sure what to make of that.

I just contacted InCommon, who provided me with the certificate. I'm hoping they'll be able to shed some light on what's going on.

Thanks for all the responses!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic