Signed Certificate & SSL

I currently have a website hosted with Hostgator that has a Java upload applet; however, on page visit, the browser blocks the Java applet from executing. Reason given is security settings have blocked a SELF-SIGNED application from running.

My question is, how can I get past this, WITHOUT modifying Java security levels? I want users to be able to access the applet without getting this error AND without having to modify any of their current browser settings.

(I signed the applet myself using keytool).

Thank you.

There are two ways:

  1. You need to buy an SSL certificate from a trusted party like Verisign or Thawte, or any other (cheaper) trusted provider. Then you need to sign your applet with this certificate instead. Since such a certificate will be provided by a globally-trusted party, your users' JVM will automatically trust it.

    If you decide to go with the cheaper SSL provider, make sure its root certificate is in the default list of trusted certificates of the JVM. You can check that by listing the certificates that come with the installation of Java, like this:

     keytool -list -keystore cacerts -storepass changeit 

    where changeit is the default cacerts keystore password, and the cacerts file can be found in the lib\security folder of your JRE installation - on Windows this will be something like:

     c:\Program Files (x86)\Java\jre[version]\lib\security\
  2. Send the public key to your users, and make them add it to trusted certificates of their JVM (usually that means importing the certificate you provide to the aforementioned cacerts file). This step however requires using keytool and command line and will most likely be troublesome for most of your users.
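
The check from option 1, as an added example that is not part of the original answer: it looks for a CA root in the `keytool -list` output by certificate fingerprint rather than by alias, since an alias or name can be imitated. The function names, sample aliases and fingerprints are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Real use (cacerts location and password as in the answer):
#   keytool -list -keystore cacerts -storepass changeit | find_root_alias "$FP"
# where FP is the root fingerprint published by the CA (assumed input).

# Normalise a fingerprint: drop colons and whitespace, upper-case the hex.
norm_fp() { printf '%s' "$1" | tr -d ': \r\n' | tr 'a-f' 'A-F'; }

# find_root_alias FINGERPRINT   (reads a `keytool -list` listing on stdin)
# Prints the alias of the matching trusted entry; returns 1 if none matches.
find_root_alias() {
  local want
  want=$(norm_fp "$1")
  awk -v want="$want" '
    # Entry line: "<alias>, <date>, trustedCertEntry,"
    /trustedCertEntry/ { alias = $0; sub(/,.*/, "", alias); next }
    # Following line: "Certificate fingerprint (<alg>): AA:BB:..."
    /^Certificate fingerprint/ {
      fp = $0; sub(/^[^:]*: */, "", fp); gsub(/[: \r]/, "", fp)
      if (toupper(fp) == want) { print alias; found = 1; exit }
    }
    END { exit !found }
  '
}

# Constructed listing in the shape keytool prints; aliases and fingerprints are made up.
sample_listing() {
  cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

example-root-a, Jan 1, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
example-root-b, Jan 1, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00
EOF
}

# Demo on the constructed listing: prints the alias that carries this fingerprint.
sample_listing | find_root_alias "ffeeddccbbaa99887766554433221100ffeeddccbbaa99887766554433221100"
```

Compare fingerprints computed with the same hash algorithm that the listing shows in parentheses; a SHA-1 value will never match a SHA-256 line.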
