
When I visit a website that runs a Java application, I get the error "application blocked by security settings". This is due to a certificate problem. I know the publisher, so I can trust him. After a quick Google search, I changed the security setting of Java to medium and also added the website to the Exception website list. Still, I am getting a different window asking me to accept the risk and continue running the application (shown in the image below). This window comes up every time I run it. So how can it be avoided?


IT researcher
  • Sign it with a proper certificate from a recognised CA? – Tom Hawtin - tackline Jan 17 '14 at 14:55
  • The error message says quite clearly what the problem is, "...because the JAR file manifest does not contain the Permissions attribute..", and how to resolve it, "..Please contact the Publisher...". – Steffen Ullrich Jan 17 '14 at 19:35
  • @SteffenUllrich, the missing Permissions attribute is not why it's blocked...yet. – Marcus Adams Jan 17 '14 at 20:05
  • Yes, it is not fully blocked yet, because you get a chance to override it. But for me that message makes clear that you will not get these warnings in the future but instead it will silently(?) block it, so the publisher must provide information about the needed permissions, must sign it, and of course the publisher's certificate needs to be trusted. – Steffen Ullrich Jan 17 '14 at 20:19
  • @SteffenUllrich I have updated the screenshot of the error. Before, it was giving some other error. – IT researcher Jan 18 '14 at 12:19

1 Answer


For an application that was signed by a legitimate code signing certificate (that itself was signed by a proper certificate authority in Java's web of trust), you will still see the above dialog, but without the red text. It will display the name on the certificate, and you will have a checkbox that allows you to automatically trust all apps from the same vendor, thus avoiding seeing the dialog again.

However, when the application was not legitimately signed, you will see the above dialog even on medium setting, but you can run it by "accepting the risk". On default security level, you may not even have the option to "accept the risk" and proceed, and on "very high", you will definitely not have the option to proceed.

In order to avoid the dialog with the warning, the application will need to be signed. If it's signed by a legitimate code-signing certificate, it will behave as I described in the first paragraph. If it's self-signed, then the vendor will have to supply you with a copy of the root certificate they used to sign it, and you'll have to import the certificate into Java's store. Then, it will behave just like one that was legitimately signed.

Marcus Adams
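As an added example (not part of the original question, comments or answer), this Python check inspects a JAR for the two gaps raised in this thread: missing signature files in META-INF and a manifest without the Permissions attribute. The function names and the in-memory sample JARs are constructed for illustration; the check only reports whether signature files are present, and validating the signature and its certificate chain is still a job for `jarsigner -verify`.

```python
import io
import zipfile

SIG_BLOCKS = (".RSA", ".DSA", ".EC")   # signature block files that accompany a .SF file
ALLOWED = ("sandbox", "all-permissions")  # the two values the Permissions attribute accepts

def main_attributes(manifest_text):
    """Parse the main section of MANIFEST.MF, joining continuation lines."""
    attrs, last = {}, None
    for line in manifest_text.splitlines():
        if not line:                        # a blank line ends the main section
            break
        if line.startswith(" ") and last:   # continuation of the previous value
            attrs[last] += line[1:]
        elif ":" in line:
            name, _, value = line.partition(":")
            last = name.strip().lower()
            attrs[last] = value.lstrip()
    return attrs

def findings(jar_bytes):
    """Return the signing and manifest gaps found in a JAR (presence checks only)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        manifest = (jar.read("META-INF/MANIFEST.MF").decode("utf-8")
                    if "META-INF/MANIFEST.MF" in names else "")
    meta = [n.upper() for n in names if n.upper().startswith("META-INF/")]
    signed = (any(n.endswith(".SF") for n in meta)
              and any(n.endswith(SIG_BLOCKS) for n in meta))
    out = []
    if not signed:
        out.append("no signature files in META-INF (unsigned)")
    perms = main_attributes(manifest).get("permissions")
    if perms is None:
        out.append("manifest has no Permissions attribute")
    elif perms not in ALLOWED:
        out.append("unexpected Permissions value: " + perms)
    return out

def build_jar(manifest, extra=()):
    """Build a constructed sample JAR in memory (empty entries, test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        for name in extra + ("App.class",):
            z.writestr(name, b"")
    return buf.getvalue()

# Constructed samples: an unsigned JAR and one carrying signature files and Permissions.
UNSIGNED_JAR = build_jar("Manifest-Version: 1.0\r\nMain-Class: App\r\n\r\n")
SIGNED_JAR = build_jar("Manifest-Version: 1.0\r\nPermissions: sand\r\n box\r\n\r\n",
                       ("META-INF/VENDOR.SF", "META-INF/VENDOR.RSA"))
```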