We have a Java application that uses RxTx to update the firmware of our game console. To avoid security alerts when the users starts the Java application on our website through WebStart we have bought a trusted certificate and signed the application with that. All checks indicate that it is successfully signed and if I launch the application via Safari on my Mac(OS X 10.6.8) with Java 1.6.0_41 it starts without any complains.
But if I launch it using IE9 on a Windows 8 machine I get an alert saying "Do you want to run this application? This application will run with unrestricted access which may put your computer and personal information at risk. Run this application only if you trust the publisher. This application's digital signature has expired. More Information".
If I click the More Information I get "This application will run with unrestricted access to your personal files and other facilities(webcam, microphone) on your computer.
Although the application has a digital signature, the application's associated file(JNLP) does not have one. A digital signature ensures that a file is from the vendor and that it has not been altered.
The digital signature was generated with a trusted certificate."
I have tried to find a solution how to not get this message and think what I need to do is sign the JNLP file(i.e. copy it into the jar as pointed out here) but what I cannot find is how to get NetBeans to do that! I'm using NetBeans 6.9.1. Anyone know how to do this and if it is enough to sign the JNLP?
To verify that the file was correctly signed I did the following:
jarsigner -verify -certs -verbose OribooDesktopClient.jar
6396 Thu Feb 28 17:14:14 CET 2013 META-INF/MANIFEST.MF
6354 Thu Feb 28 17:14:14 CET 2013 META-INF/MOVINTOF.SF
1843 Thu Feb 28 17:14:14 CET 2013 META-INF/MOVINTOF.RSA
0 Thu Feb 28 17:07:28 CET 2013 META-INF/
0 Thu Feb 28 17:07:26 CET 2013 oribooDesktopClient/
0 Thu Feb 28 17:07:26 CET 2013 oribooDesktopClient/resources/
0 Thu Feb 28 17:07:26 CET 2013 oribooDesktopClient/resources/busyicons/
sm 3912 Thu Feb 28 17:07:26 CET 2013 oribooDesktopClient/BBDatabase.class
X.509, CN=Movinto fun AB, O=Movinto fun AB, STREET=?rev?gen 138, L=?re, ST=J?mtland, OID.2.5.4.17=83013, C=SE
[certificate is valid from 2/28/13 1:00 AM to 3/1/14 12:59 AM]
sm 2497 Thu Feb 28 17:07:26 CET 2013 oribooDesktopClient/Binary.class
X.509, CN=Movinto fun AB, O=Movinto fun AB, STREET=?rev?gen 138, L=?re, ST=J?mtland, OID.2.5.4.17=83013, C=SE
[certificate is valid from 2/28/13 1:00 AM to 3/1/14 12:59 AM]
....
解决方案
The important part is:
This application's digital signature has expired.
See Appearance of Java Security dialog for details, but you should be expecting something like:
To remove the 'expired' message, the answer is to renew the certificate and sign the jars again. The dialog will still display words to the effect:
This application will run with unrestricted access which may put your computer
and personal information at risk. Run this application only if you trust the
publisher.
The differences will however be:
'Always trust' will default to true.
The yellow diamond with exclamation mark will be changed to something more friendly.
The 'digital signature has expired' message, along with the yellow shield image in the lower left, will be absent.
505
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
