How to use Java code signing certificate in oracle 11i

Similar Messages

• How to use Java code inside WebDynpro-ABAP

  Hi,
      How to use Java code inside WebDynpro-ABAP.
  Could any one provide sample code.
  Cheers,
  Sam

  Hi Sam,
  We can't Bring Java Inside the ABAP. Both are running in different Environments.
  and also ABAP Codes are runs on BASIS.
  -Basis is a middleware between ABAP codes and Ur OS.
  -Contains set of programs to load,RUN,intepret the ABAP program..
  So Both are Different.
  Regards,
  Ramganesan K.

• How to use a self-signed certificate

  Hello,
  I am having some troubles understanding how to use a self-signed certificate. I have created one using Keychain Access -> Create Certificate but it never asked me for the private key and it never told me where the certificate is stored. How am I supposed to use it?
  Typically I would like to do two things:
  1) use the certificate to for example sign an email or other document so that the recipient can verify that it was really me. I understand the concept that they have to have my public key and use it to somehow decrypt something that I have encrypted with my private key. But where is my private key? As mentioned, the certificate creation process never at any point asked me to provide a private key.  An example using this process to sign an email would be really appreciated.
  2) I want to be able to decrypt a message that someone sends to me after encrypting it with my public key. Again, I need my private key, where is it? I was never asked to choose one!
  Please note that i am familiar with the whole process using openSSL ssh via command line, I just need to understand how to achieve the same thing using the certificate creation procedure provided via Keychain Access.
  In short, now thta I have created my certificate, how do I use it? Examples for dummies would be really appreciated
  Thanks  in advance
  /Andrea

  Can you import the CA cert under “Your Certificates.”, delete the CA cert, switched to “Authorities”, re-imported the CA cert, and restarted Firefox.

• Using a Code Signing Certificate for download on Azure

  Currently, I have a hosted web application and Web API on a VM that I use to allow users to download an executable file that is signed with a Code Signing certificate. My question is how would I do the same thing with a Web Role or Cloud Service?  The
  goal is to move to PAAS in Azure with our web application.
  Thanks for any help in advance.

  I appreciate the link to the article, but I don't need an SSL certificate, I need a code signing certificate.  I'm afraid this post does not help me at all.  What I need is a certificate to sign my downloadable applications with.  I have
  an .exe file that users can download, and I need those people to know my code can be trusted, which is why I need the code signing certificate.  My problem is how do I utilize this with a Web Role or Cloud Service?

• Replacing the Java Code Signing Certificate on the ASA 55xx VPN/Firewall Appliance

  Hi,
  basically I am trying to achieve what's documented in
  http://www.cisco.com/en/US/docs/security/asa/asa80/release/notes/asarn80.html#wp242704
  (using ASDM: "crypto ca import" = Remote Access VPN -> Certificate Management ->  Code Signer -> Import)
  I give it a complete PKCS12 bundle (unencrypted private key + certificates up to the root CA) to the ASA.
  I can indeed verify that it has been imported correctly by exporting it again:
    crypto ca export CodeSignerBundle pkcs12 1234
  It shows me the private key and all the certificates.
  However, the jars used in WebVPN, while carrying the correct certificate, don't have a full certification chain at their disposal:
  Using jarsigner -verify I see on a random file from the jar:
  sm       905 Fri Nov 30 00:00:00 CET 1979 Java/lang/CpUtf8.class
        X.509, CN=COMMONNAME, O=ORGANIZATION, L=LOCATION, ST=STATE, C=COUNTRY
        [certificate is valid from 8/1/13 4:30 PM to 8/1/16 4:30 PM]
        X.509, CN=LuxTrust Qualified CA, O=LuxTrust S.A., C=LU
        [certificate is valid from 6/5/08 11:25 AM to 10/18/16 12:40 PM]
        [CertPath not validated: Path does not chain with any of the trust anchors]
  Indeed the certificate file inside the jar (META-INF/.....RSA) does not contain what I uploaded to the ASA. One of the intermediary certificates is missing (while another certificate is listed twice).
  What could be the problem here? (ASA v8.2(5))
  Thanks for any help,
  Marki

  It may be that a ip address pool is not assigned to the default webvpn group:
  tunnel-group DefaultWEBVPNGroup general-attributes
  address-pool testpool

• Does anyone know how to use a self signed certificate with apple mail??

  Ive read about it in mail's help and tried to set it up according to it. Ive created a self-signed certificate but have no idea how to set it up as it would work with Mail so that i would be able to send signed messages. could anyone help me??

  Hello rado:
  Welcome to Apple discussions.
  I am assuming this is what you read:
  http://docs.info.apple.com/article.html?path=Mac/10.5/en/8916.html
  If you follow the instructions when you set up the certificate, you should be fine.
  Incidentally, most +"ordinary users"+ (like me) do not use this function. I am curious as to why you want to jump through hoops in your Mail application.
  Barry

• How to use java code in my forms.................

  Hi All,
  I want to use the below java code in my form 6i ..but don't know how????????
  related function is also given below..........
  Any idea .......Please
  Thanks
  Harry.....
  import java.awt.*;
  import javax.swing.*;
  import java.awt.event.*;
  import java.sql.*;
  public class MyProgram {
  private static Connection con = null;
  private static Statement st;
  public static ResultSet rs;
  public static String s;
  /* public void setlable(int n)
  rs = st.executeQuery("SELECT number_to_words("+n+") FROM dual");
  while (rs.next())
  output.setText(rs.getString(1));
  public static void main(String[] args) {
  try
  Class.forName("oracle.jdbc.driver.OracleDriver");
  Connection con = DriverManager.getConnection("jdbc:oracle:thin:@172.19.193.38:1525:ITSTIN", "scott", "tiger");
  st = con.createStatement();
  }catch(Exception exp){
  System.out.println("Error"+exp.toString());
  JFrame f = new JFrame("Conver Digit to Words..");
  JLabel input = new JLabel("Enter Numeric digits :");
  final JLabel output = new JLabel("Please enter value into TestBox.....",JLabel.CENTER);
  final JTextField TF1 = new JTextField(90);
  final JButton B1 = new JButton("Close");
  f.setSize(750, 250);
  f.setLocation(300,200);
  f.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
  Container contentPane = f.getContentPane();
  contentPane.setLayout(null);
  contentPane.setBackground(Color.CYAN);
  TF1.setLocation(300,25);
  TF1.setSize(150,30);
  input.setLocation(175,25);
  input.setSize(150,30);
  input.requestFocus();
  output.setLocation(15,100);
  output.setSize(650,30);
  output.setForeground(Color.RED);
  B1.setSize(100,32);
  B1.setLocation(620,175);
  contentPane.add(TF1);
  contentPane.add(input);
  contentPane.add(output);
  contentPane.add(B1);
  f.setVisible(true);
  B1.addMouseListener(new MouseAdapter(){
  public void mouseClicked(MouseEvent me)
  System.exit(0);
  TF1.addKeyListener(new KeyAdapter(){
  public void keyReleased(KeyEvent event){
  if (TF1.getText().equals("") )
  output.setText("Please enter value into TestBox.....");
  else
  try
  if (TF1.getText().length()<12)
  s = "SELECT initcap(number_to_words("+Long.parseLong(TF1.getText())+")) FROM dual";
  rs = st.executeQuery(s); //Function number_to_words exists in scott@itstin created by AMUY-IN
  while (rs.next())
  output.setText(rs.getString(1));
  }catch(Exception e)
  System.out.println("Error-2"+e.toString());
  ================================function===============
  CREATE OR REPLACE FUNCTION amuy_con_to_eng(nm2 NUMBER) RETURN VARCHAR2 IS
  nm1 NUMBER(10,0) := nm2;
  NM VARCHAR2(100):='';
  div NUMBER;
  BEGIN
  WHILE nm1>0 LOOP
  IF nm1>=20 THEN
  div :=Floor(nm1/10);
  NM := NM||' '||base_convert(div*10);
  nm1:=Mod(nm1,10);
  END IF;
  IF nm1>=1 AND nm1<20 THEN
  NM := NM||' '||base_convert(nm1);
  nm1:=nm1/10;
  END IF;
  nm1 :=Floor(nm1/10);
  END LOOP;
  RETURN NM;
  END;
  CREATE OR REPLACE FUNCTION number_to_words(inm NUMBER) RETURN VARCHAR2 IS
  /* Function that converts number's to word's*/
  /* Created buy amuy-in */
  l_inm NUMBER(35,0);
  NM VARCHAR2(1000):='';
  div NUMBER;
  BEGIN
  l_inm := inm;
  IF inm<=0 THEN
  RETURN 'ZERO';
  ELSE
  WHILE l_inm>0 LOOP
  case when Length(l_inm) >= 1 AND Length(l_inm)<=2
  then RETURN NM||' '||sf_num_to_words(l_inm);
  when Length(l_inm) = 3
  then div :=Floor(l_inm/RPad(1,3,0));
  l_inm := Mod(l_inm,RPad(1,3,0));
  NM :=NM||' '||sf_num_to_words(div)||' '||'HUNDRED';
  when Length(l_inm) >= 4 AND Length(l_inm) <= 5
  then div :=Floor(l_inm/RPad(1,4,0));
  l_inm := Mod(l_inm,RPad(1,4,0));
  NM :=NM||' '||sf_num_to_words(div)||' '||'THOUSAND';
  when Length(l_inm) >= 6 AND Length(l_inm) <= 7
  then div :=Floor(l_inm/RPad(1,6,0));
  l_inm := Mod(l_inm,RPad(1,6,0));
  NM :=NM||' '||sf_num_to_words(div)||' '||'LAKH';
  when Length(l_inm) >= 8 AND Length(l_inm) <= 9
  then div :=Floor(l_inm/RPad(1,8,0));
  l_inm := Mod(l_inm,RPad(1,8,0));
  NM :=NM||' '||sf_num_to_words(div)||' '||'CRORE';
  when Length(l_inm) >= 10 AND Length(l_inm) <= 11
  then div :=Floor(l_inm/RPad(1,10,0));
  l_inm := Mod(l_inm,RPad(1,10,0));
  NM :=NM||' '||sf_num_to_words(div)||' '||'ARAB';
  ELSE RETURN 'ERROR {Length of input value should be <12}';
  END CASE;
  END LOOP;
  RETURN NM ;
  END IF;
  END;
  /

  You cannot use java directly inside forms. You can either create a java-bean to enhance the GUI (as you have some UI-components in your java-code, i guess this would be the direction) or use the java-importer and call server-side-java. Both require that you are running forms in a web-version and not as client-server.
  What exactly is your requirement?

• How to use Java code to implement Divide-and-Conquer multiplication???

  i think use Divide-and-Conquer multiplication algorithm to multiply 31415975 by 81882818. Because i have study data structure and algorithm for needs people helps to solve this problem!!! The answer is should equals the both number (31415975 * 81882818) multiplication! There are must pass the program to calculation the multiply with use divide-and-Conquer!
  How to use the program calculation the both number multiplication with divide-and-Conquer??? That is needs display the different number multiplication on the screen!!!

  This is what I think you meant to say
  yijun1988 wrote:
  I am considering using Divide-and-Conquer multiplication algorithm to multiply 31415975 by 81882818.
  Because i have study data structure and algorithm.
  I need help to solve this problem!
  The result should equal the product (multiplication) of the two numbers (31415975 * 81882818)
  The input must be passed as parameters to the program to calculate the product using Divide-and-Conquer!
  How to implement number multiplication with divide-and-Conquer?
  The steps of the algorithm need to be displayed on the screen!Which part of this are you having problems with?

• How to use java code in netui

  Hi all,
  i want to use
  <input type="checkbox" name="active" value="1" <%=( appraiser.getActive()).equals("1")
  )?" checked ":""%>> Yes</td>
  in netui like
  <netui:checkBox dataSource="{actionForm.active}" />
  but until now, i can find how to solve this problem .....
  the goal is ... if the value in active is 1, i want the check box is check .....else
  Thanks
  Sougata
  thank's for your help
  best regard

  Sougata,
  Is your question how to set a netui:checkBox to checked or unchecked when
  the checkBox is first presented to the user?
  - john
  "Sougata" <[email protected]> wrote in message
  news:40584118$[email protected]..
  >
  Hi all,
  i want to use
  <input type="checkbox" name="active" value="1" <%=(appraiser.getActive()).equals("1")
  )?" checked ":""%>> Yes</td>
  in netui like
  <netui:checkBox dataSource="{actionForm.active}" />
  but until now, i can find how to solve this problem .....
  the goal is ... if the value in active is 1, i want the check box is check.....else
  Thanks
  Sougata
  thank's for your help
  best regard

• How to use a self signed certificate in Firefox 33

  Unfortunatly https://support.mozilla.org/de/questions/1012765 does not provied a reasonable solution for version 33
  Is there realy no other option, to use own testsites and old embedded Web-Servers, than switching to chromium?

  Can you import the CA cert under “Your Certificates.”, delete the CA cert, switched to “Authorities”, re-imported the CA cert, and restarted Firefox.

• A PKI Code Signing Certificate question.

  Hello,
  Can someone please help me with the following question.
  I have created and used a code Signing certificate from our Microsoft Enterprise CA before which works OK, but I am not sure I did it correctly, and have a few related questions please.
  what I did.
  1: Logged on the CA directly, went to the CertSvc web site, requested a code signing cert, issued it and exported it along with the private key.
  2: Imported the above certificate into CurrentUser/My store on PC and used it to sign code
  3: Took the came certificate (along with the private key, and this is where perhaps I made at least one mistake) and imported it into the 'Trusted Publishers' store the PC that will be running the signed code. This step was done so the user does not receive
  a message asking if they want to run the code signed by "AAnotherUser" as it were, as although the code is signed by a trusted CA, the user still gets this warning message as the 'Publisher' is not in the 'Trusted Publishers' list. Therefore the
  way I sorted this at the time was to take the whole certificate as above and import to this store.
  The first mistake I made (as far as I can see as I am new to this area) I think I should have not imported the certificate 'along with its private key' into the trusted publishers store? in other words should I have imported the certificate 'minus its
  private key' into the trusted publishers store?
  Also, I understand you have to have the certificate along with is private key to sign code. I am 'assuming' a Hash of the code is taken and this is signed (encrypted) with the private key (in the same way a CA signs a CSR for a WEBServer cert for example),
  is that correct i.e. is that what it mean to sign code?
  if the above is correct then I assume you only need the 'public' key of the code signed cert in the 'Trusted Publishers Store' to verify the code was signed by a trusted CA and it has not been altered e.g. the Hash code still computes to the same value.
  Is this correct?
  My next question is regarding the private key. As I need to 'Login' to AD in order to request a code signing cert, can the 'private key' not be stored securely in AD along with my AD User account?
  if the above is possible (which would make good sense to me I think) then I do not have to worry about looking after the safety of the private key as the system 'AD' can do this for me. It would also mean which every computer I logon to in the domain I would
  have access to the private key (but no other user) and therefore be able to sign code I assume. Does this last paragraph make sense can this be done/is this done?
  Basically I need to understand the above, in order to understand more about Crypto.
  I also need create a code signing cert for a 'department' of about 10 people. Therefore I was thinking about creating and AD account called 'XYZCorpCodeSigning' or what ever, and issuing a code singing cert to this entity. If the private key could be stored
  in AD then accessed used once signed in as this account (these 10 people would need to know the password for the account) this would make life easier/more secure, I think.
  I know there are several question above, but it would be great it they would be answered as I would help me understand more about how it all works and to solve a problem too
  Thanks very much
  AAnotherUser__
  AAnotherUser__

  > The first mistake I made (as far as I can see as I am new to this area) I think I should have not imported the certificate 'along with its private key' into the trusted publishers store
  yes, it is not correct. Only public part should be imported to a Trusted Publishers container.
  >  is that correct i.e. is that what it mean to sign code
  exactly. Encryption with private key and decrypting with public key is called "digital signature".
  > if the above is correct then I assume you only need the 'public' key of the code signed cert in the 'Trusted Publishers Store' to verify the code was signed by a trusted CA and it has not been altered e.g. the Hash code still computes to the same
  value. Is this correct?
  yes. Client uses only public part of the certificate to validate the signature.
  > As I need to 'Login' to AD in order to request a code signing cert, can the 'private key' not be stored securely in AD along with my AD User account?
  normally code signing certificates are not stored in Active Directory and should not be there, because signing certificate is included in the signature field.
  > I do not have to worry about looking after the safety of the private key as the system 'AD' can do this for me.
  this is wrong assumption. A user is responsible to protect signing private key from unauthorized use.
  > If the private key could be stored in AD then accessed used once signed in as this account (these 10 people would need to know the password for the account) this would make life easier/more secure
  wouldn't, because if something happens -- you will never know who compromised the key.
  as a general practice, we recommend to purchase at least few smart cards to store signing keys. Depending on a particular code development practice, there might be a dedicated employee (for example, manager of devs) who the only has access to a smart card
  (and PIN) and signs the code upon dev request. Or issue a dedicated smart card with unique signing certificate to each developer. However this will add a complexity in signing certificate trust management.
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• Windows Code Signing Certificate

  How to convert Windows Code Signing Certificate from p7s format to AET format

  Where did you get this 'p7s' file?  Did someone try to send you an AET in an SMIME encoded message? 
  File extension: p7s, is usually associated with a file containing PKCS #7 signed data and 'AET' usually refers to an 'Application Enrollment Token', which is associated with Windows Phone Enterprise application management.
  To create an AET for Windows Phone you need to have a proper code signing certificate from Symantec. (...you can't use just any code signing certificate.)
  When you obtain a code signing certificate from Symantec it should be installed into your computers certificate store.  You can then export the certificate and private key to a *.pfx file to use for signing apps or if you need to move it to a different
  computer.
  see:
  Windows Phone 8: Steps to acquire an Enterprise Mobile Code Signing Certificate required to sign LOB or company apps
  and:
  Frequently asked questions about Windows Phone Company Hub apps
  Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast
  your votes for existing suggestions.

• Profile Manager Code Signing Certificate from GoDaddy .spc

  Convert the .spc to .cer for Profile Manager compatability.
  Thought I'd share how to convert a code signing certificate acquired from go daddy as it downloads as a .spc file that Profile manager will not accept.
  When you download your code signing certificate from go daddy it will be a .spc file as stated above, and profile manager needs a .cer file.
  Take your .zip file over to a Windows 7 or better PC and double-click the .zip file.
  Then double-click the enclosed certificate.
  This will open the windows certmgr.
  Expand the certificate and locate your certificate (Should be the one with your company name )
  Right-Click the desired certificate, select all tasks, then Export
  Export the certificate as a DER .cer file.
  Now copy the exported .cer certificate to your Server App/Certificates and import it into the Pending Certificate.
  Once that's done also add the .cer certificate to your keychain.
  Remember to replace the expiring certificate if applicable
  LJS

  After loading the new certificates into the OS X Server box, the client devices will have to use the Profile Manager User Portal to load the updates.
  Here is the Apple documentation on updating the Profile Manager certificate (HT5358), though you may well have found that document already. 
  Unfortunately, the users have to navigate to the portal for that, or you'll have to manage a short-notice device swap.  (If it were even possible here, I'm not sure I'd want folks loading new certs via email, either...)
  If the existing Profile Manager solution doesn't meet your particular needs, then there are alternative MDM solutions around from other vendors, and that are also compatible with the OS X Server and iOS provisioning mechanisms.
  {FWIW, this is a user forum and the folks from Apple may or may not see your report.  If you have acccess to it, the Apple bugreport tool is a common way to log an enhancement request that the folks from Apple will see.}

• Applocker and expired code signing certificates

  Is it possible to allow applocker to use expired code signing certificates for old applications ? 
  Thanks, Magnus
  Magnus

  Hi Magnus,
  >>Is it possible to allow applocker to use expired code signing certificates for old applications ? 
  As far as I know, we should be unable to do this. If a certificate is expired, it is no longer considered an acceptable or usable credential.
  Regarding this question, the following thread can be referred to as reference.
  AppLocker Issue in Windows 7
  https://social.technet.microsoft.com/Forums/windows/en-US/2c78848d-2601-40d2-99c0-9b5c23b735e4/applocker-issue-in-windows-7?forum=w7itprosecurity
  Best regards,
  Frank Shen
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Java security error after 8u31 (Timestamped Jarsigned Applet within valid period of Code Signing certificate)

  Hello,
    I have an applet running in embeddad systems. This program runs without any problem since 8u31 update! After this update it starts to give java security warning and stops running.
  Here is the warning message:
    "Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running"
  What it says is true; my Code Signing Certificate (CSC) is valid between 24 Jan 2014 and 25 Jan 2015. And it expired! However, while i was signing my applet with this certificate i used "timestamp". The authority i choosed was DigiCert. My signing date was 26 Jan 2014 (when my CSC was valid).
  When i started to have this Java Security Error, first i thought i mis-timestamped my code, and check by using the jarsigner -verify command. Here is a partial result:
  s      19607 Mon Jan 27 13:17:34 EET 2014 META-INF/MANIFEST.MF
        [entry was signed on 27.01.2014 13:19]
        X.509, CN=TELESIS TELECOMMUNICATION SYSTEMS, OU=ARGE, O=TELESIS TELECOMMUNICATION SYSTEMS, STREET=TURGUT OZAL BLV.NO:68, L=ANKARA, ST=ANKARA, OID.2.5.4.17=06060, C=TR
        [certificate is valid from 24.01.2014 02:00 to 25.01.2015 01:59]
        X.509, CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
        [certificate is valid from 24.08.2011 03:00 to 30.05.2020 13:48]
        X.509, CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
        [certificate is valid from 07.06.2005 11:09 to 30.05.2020 13:48]
        X.509, CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
        [certificate is valid from 30.05.2000 13:48 to 30.05.2020 13:48]
  sm       495 Thu Jan 23 14:55:22 EET 2014 telesis/WebPhone$1.class
  As you may see the timestamp was correctly done. And it is in the valid period of CSC.
  Than i started to check how Java confirms the Certificate, and found some flowcharts.
  Here is an example from DigiCert:
  Code Signature Verification Process
  After the Web browser downloads the Applet or Web Start application, it checks for a timestamp, authenticates the publisher and Certificate Authority (CA), and checks to see if the code has been altered/corrupted.
  The timestamp is used to identify the validation period for the code signature. If a timestamp is discovered, then the code signature is valid until the end of time, as long as the code remains unchanged. If a timestamp is not discovered, then the code signature is valid as long as the code remains unchanged but only until the Code Signing Certificate expires. The signature is used to authenticate the publisher and the CA, and as long as the publisher (author or developer) has not been blacklisted, the code signature is valid. Finally, the code is checked to make sure that it has not been changed or corrupted.
  If the timestamp (or Code Signature Certificate expiration date) is verified, the signature is validated, and the code is unchanged, then the Web browser admits the Applet or Web Start application. If any of these items do not check out, then the Web browser acts accordingly, with actions dependent on its level of security.
  So according to this scheme, my applet had to work properly, and without security warning.
  However i also found that from Oracle, which also includes the timestamping authorities Certification validity period??? :
  The optional timestamping provides a notary-like capability of identifying
  when the signature was applied.
      If a certificate passes its natural expiration date without revocation,
  trust is extended for the length of the timestamp.
      Timestamps are not considered for certificates that have been revoked,
  as the actual date of compromise could have been before the timestamp
  occurred.
  source:  https://blogs.oracle.com/java-platform-group/entry/signing_code_for_the_long
  So, could anyone please explain why Java gives security error when someone tries to reach that applet?
  Here is a link of applet: http://85.105.68.11/home.asp?dd_056
  I know the situation seems a bit complicated, but i tried to explain as simple as i can.
  waiting for your help,
  regards,
  Anıl

  Hello,
    I have an applet running in embeddad systems. This program runs without any problem since 8u31 update! After this update it starts to give java security warning and stops running.
  Here is the warning message:
    "Your security settings have blocked an application signed with an expired or not-yet-valid certificate from running"
  What it says is true; my Code Signing Certificate (CSC) is valid between 24 Jan 2014 and 25 Jan 2015. And it expired! However, while i was signing my applet with this certificate i used "timestamp". The authority i choosed was DigiCert. My signing date was 26 Jan 2014 (when my CSC was valid).
  When i started to have this Java Security Error, first i thought i mis-timestamped my code, and check by using the jarsigner -verify command. Here is a partial result:
  s      19607 Mon Jan 27 13:17:34 EET 2014 META-INF/MANIFEST.MF
        [entry was signed on 27.01.2014 13:19]
        X.509, CN=TELESIS TELECOMMUNICATION SYSTEMS, OU=ARGE, O=TELESIS TELECOMMUNICATION SYSTEMS, STREET=TURGUT OZAL BLV.NO:68, L=ANKARA, ST=ANKARA, OID.2.5.4.17=06060, C=TR
        [certificate is valid from 24.01.2014 02:00 to 25.01.2015 01:59]
        X.509, CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
        [certificate is valid from 24.08.2011 03:00 to 30.05.2020 13:48]
        X.509, CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
        [certificate is valid from 07.06.2005 11:09 to 30.05.2020 13:48]
        X.509, CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
        [certificate is valid from 30.05.2000 13:48 to 30.05.2020 13:48]
  sm       495 Thu Jan 23 14:55:22 EET 2014 telesis/WebPhone$1.class
  As you may see the timestamp was correctly done. And it is in the valid period of CSC.
  Than i started to check how Java confirms the Certificate, and found some flowcharts.
  Here is an example from DigiCert:
  Code Signature Verification Process
  After the Web browser downloads the Applet or Web Start application, it checks for a timestamp, authenticates the publisher and Certificate Authority (CA), and checks to see if the code has been altered/corrupted.
  The timestamp is used to identify the validation period for the code signature. If a timestamp is discovered, then the code signature is valid until the end of time, as long as the code remains unchanged. If a timestamp is not discovered, then the code signature is valid as long as the code remains unchanged but only until the Code Signing Certificate expires. The signature is used to authenticate the publisher and the CA, and as long as the publisher (author or developer) has not been blacklisted, the code signature is valid. Finally, the code is checked to make sure that it has not been changed or corrupted.
  If the timestamp (or Code Signature Certificate expiration date) is verified, the signature is validated, and the code is unchanged, then the Web browser admits the Applet or Web Start application. If any of these items do not check out, then the Web browser acts accordingly, with actions dependent on its level of security.
  So according to this scheme, my applet had to work properly, and without security warning.
  However i also found that from Oracle, which also includes the timestamping authorities Certification validity period??? :
  The optional timestamping provides a notary-like capability of identifying
  when the signature was applied.
      If a certificate passes its natural expiration date without revocation,
  trust is extended for the length of the timestamp.
      Timestamps are not considered for certificates that have been revoked,
  as the actual date of compromise could have been before the timestamp
  occurred.
  source:  https://blogs.oracle.com/java-platform-group/entry/signing_code_for_the_long
  So, could anyone please explain why Java gives security error when someone tries to reach that applet?
  Here is a link of applet: http://85.105.68.11/home.asp?dd_056
  I know the situation seems a bit complicated, but i tried to explain as simple as i can.
  waiting for your help,
  regards,
  Anıl