3

I have generated the keystore and its inner key. Then I signed my test applet. But each time I start my jnlp applet I can see the Internet browser security Warning dialog which shows that...

  • Publisher: UNKNOWN
  • From: http://localhost:8080...

What I could missed? Please help me to set the Publisher.

Any useful comment is appreciated :)

user592704
  • 3,674
  • 11
  • 70
  • 107
  • 1
    See also [How can I set the publisher name in my signed jar file, using a self-signed certificate?](http://stackoverflow.com/questions/6086524/how-can-i-set-the-publisher-name-in-my-signed-jar-file-using-a-self-signed-certi) – Paŭlo Ebermann Aug 22 '11 at 23:07

1 Answers1

2

If you sign using your own key, this warning will be displayed. Some will show "unknown", some will show "untrusted" or "unverified"

To get around it, you will have to get certificate from a CA (i.e. Verisign/Thawte) and sign with that.

Read under "Common Problems" in this page. It is on the bottom of the page.

Sarwar Erfan
  • 18,034
  • 5
  • 46
  • 57
  • Emm but can I gen my own cert? I heard that keystore can do something in this direction... ? Because the UNKNOWN is quite strange. It would be better I could set any String instead :( Or what can be really done with it? – user592704 Mar 22 '11 at 07:06
  • 1
    It is a problem with the plugin, try on another PC/Browser. Getting a certificate will cost you money. Do you really need to remove this warning? – Sarwar Erfan Mar 22 '11 at 07:08
  • How can I show the applet came from or something user recognize the host or the web site? – user592704 Mar 22 '11 at 07:08
  • I mean I need somehow to show a recognizable information but UNKNOWN doesn't reflects can it be accepted even if it is not signed with verisign or something. – user592704 Mar 22 '11 at 07:09
  • I mean how to show it can be trusted or not? How user can trust it if there is cannot be seeing whom can be trusted? Comment please... – user592704 Mar 22 '11 at 07:15
  • A 'self-signed' certificate can be generated by anyone, to claim anything (e.g. any identity). For that reason, a self-signed certificate is 'not worth the bits is is written on'. If you want the certificate to be trusted, it must be issued by a trusted authority (who make efforts to *verify your identity* before issuing the certificate). This is for the protection of the end user, and cannot be 'worked around'. If you do find a work around, please report it as a high priority security bug. As an aside, I cannot afford certified certificates, & use a self-signed one. ;) – Andrew Thompson Mar 22 '11 at 08:38
  • I know but is there a way to gen my own certificate with keytool? And do something useful with it next? Because I just want the UNKNOWN text won't be shown :( Lets my sign is not super verified with some commercial org but I need the end user to see some useful information to see it is the really my applet :) But the UNKNOWN sounds too scaring... Can it be replaced with something like "Andrew's applet" or something so people can have a choice can they trust "andrew's applet" or not? I am not a company but I need something to show it is mine... How can I do this? – user592704 Mar 22 '11 at 08:57
  • Maybe I need to gen my key with some additional args? – user592704 Mar 22 '11 at 09:01
  • If you are able to do it, evil ones will start doing other things and put useful information in the certificate. – Sarwar Erfan Mar 22 '11 at 09:39
  • But what about openssl. I heard that it can be useful for applets... Could you share some info concerning the openssl and applet signing? What if I use openssl cert to sign my applet? – user592704 Mar 23 '11 at 06:33
  • 1
    Unless you are certified by an CA (certificate authority), you are not 'trusted' by the world. PERIOD. – Sarwar Erfan Mar 23 '11 at 06:38