This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I am currently trying to update a few javaapplets for a website. As of right now, the applets are automatically
blocked on all computers when they are accessed because the newest updates
for Java have caused them to be blocked. I have determined that the
solution to this is to resign the .jar files that are used to run the
application with a new certificate.
I requested and received a certificate (in pkcs 12 format, a .p12 file), imported it into
the computer, and used it to sign the .jar files. However, I have been
getting an error after signing the .jar files stating that the full
certificate chain of the code signing certificate is not valid.
I am not sure what to do from here. I've done a lot of internet
searching for a solution but haven't really found anything that applies to
our exact scenario. Prior to working on this project for work, I have never had any experience with this kind of thing
I contacted someone in the IT department at the University at which I work and he thought that maybe one of the intermediates within the certificate was either missing or illegitimate.
I tried to check the path of the certificate using a method he recommended (using OpenSSL) but didn't really find anything of use. Beyond that
Prior to this project, I had absolutely no knowledge of anything related to Java applets or web design. I would really appreciate any help you can offer me! I'd like to get the website operational as soon as possible!
I'd strongly suggest that you call the support line for the people who sold you the certificate and ask them what to do. (They charge you money, they should provide support.) As you say, you probably missed one step in the process. When I did that, there was something called something like "intermediate certificate" which I had to do something with -- but I don't remember what. Like you, signing jar files wasn't something I did every day.