Self Signing and Applets

Similar Messages

• Why my self-signed applet could not read local disk but could write?

  I used a self-signed certificate for the applet yesterday and it worked
  fine at the beginning time, that is, it could write/read file to/from
  local disk, and it could connect to other MDS servers. But later, a
  problem happens. It could write file to local disk(I tested it and created
  files to C:/ under windows) but when it try to read that file, it got a
  io acessing exception. It could connect to other servers. I am puzzled
  about this problem, and I wonder why I could write but could not
  read. Need I deal with any policy file issue here?

  hi,
  i 'am doing something which is similar to the stuff ur doing .I wanted to write into file on the local disk on which the applet is running.for this i have signed the applet .do i need to make it self signed wat is difference between the self signed and signed applet .The problem which i facing is that it still gives me the security exception even if i define the policy file for that applet............Can u help me reagrding this
  Thanks in advance
  your great help would be apprecriated
  rao_lavs

• Self signed Applet - still getting Security Exception...

  Hi everyone...
  I m new to Java Mail... Nd I m developing a Applet to send mail from my Gmail account, nd I used keytool, jarsigner to Self sign the applet. Nd I wrote a Html page and when calling my applet method using javascript, I m having Security Exception... And I m using Java 1.5 (i.e., J2SE 5)
  Here is the sample of my code...
  --------- MyMail.java -----------
  import javax.mail.*;
  import javax.mail.internet.InternetAddress;
  import javax.mail.internet.MimeMessage;
  And all neccessory packages are imported....
  public class MyMail extends JApplet
       String server = "smtp.gmail.com";
       String username;
       String password;
       String fromAddres="";
       String toAddres="";
       Other Variable declaration goes here........
  Session ses;
  Transport tr;
  MimeMessage msg;
       public void init() //For testing purpose
            doLogin("username","password"); //My account details
       public void doLogin(String user,String pass)
            username = user;
            password = pass;
            boolean success;
            fromAddres = user+"@gmail.com";
            toAddres = "[email protected]";
            subject = "TEst SubJect";
            body = "This is Test Mail";
            success = doAuthentication();
            if(success)
                 setHeaders(server,username,password,fromAddres,toAddres,cc,bcc,htmlFormat,subject,body);
                 sendMail(ses);
                 doLogout();
       public void doLogout()
            //Deals with the logout from my account
       public boolean doAuthentication()
            //Deals with the authentication of my account
            // Setting properties, creating a session, getting transport object...
            //and returns true if authentication is success, false if not.
       public void setHeaders(String server, String username, String password, String fromAddress, String toAddress, String cc, String bcc, boolean htmlFormat, String subject, String body)
            //Sets the headers fields for the message (recieved through arguments)
       public void sendMail(Session ses)
            //Deals with sending mail
  class MyPasswordAuthenticator extends Authenticator
       //Deals with the authentication of my account
  ---------- MyMail.html -----------
  <html>
  <head>
  <script language=javascript>
  function sendmail()
  document.MyMail.doLogin("username","password"); //my account details
  </script>
  </head>
  <body>
  <input type=button name=but value=Send mail onclick=sendmail()>
  <applet name=MyMail code=MyMail.class
  archive=mail.jar,activation.jar,mailplus.jar width=0 height=0>
  </applet>
  </body>
  </html>
  And the applet is Self signed using the tools supplied from Java SDK...
  it got signed...
  And as the applet got loaded when i opend the MyMail.html, as i called the doLogin(..,..) in init() it is sending mail successfully...
  The problem is.... As I given the action for my button to send mail (by calling java method from java script i.e., calling doLogin() when the button clicked) I m getting Security Exception
  So...anyone plz tell me the solution....
  Thnx in advance....
  - Kanta

  http://www.google.nl/search?hl=nl&q=site%3Asun.com+javascript+signed+applet&btnG=Google+zoeken&meta=
  DoPrivileged would solve your problem but I've seen some cases where the
  threaded (link mentioned below second post) mothod is the only way it'll work.
  Signing applets:
  http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
  second post and reply 18 for the java class file using doprivileged
  Still problems?
  A Full trace might help us out:
  http://forum.java.sun.com/thread.jspa?threadID=656028

• What are the steps to sign an applet

  I've been searching and reading for weeks now and just recently I though I had it... I put my Uploader tool online, and the "grant yes/no" came up!! I was excited, and then the applet showed up. This was the farthest i'd gotten thus far, and then... it didn't pop up the JFileChoser. It failed yet again.
  I've searched all over the internet for a way to sign your own applet for free. It doesn't need to be trusted, so long as the applet works by just granting permision.
  If you know the steps to signing an applet, then please post them here. Make them easy to follow, with little on the details of how it works.
  And don't stop at just signing the applet.. keep going until the signed applet is uploaded onto a test server. That, I think, is where a lot of people get confused.
  Nobody has yet done this that i've seen (writen a tutorial) and i've been searching fo weeks!
  Greatly appreciated by myself, and thousands to come.

  I have a signed jar file and a html file on my desktop. I'm loading this jar file localy for testing, and the "grant permision [y/n]" pops up.
  The button also pops up. however the JFileChooser does not.
  The jar has been self-signed, and verified using jarsigner -verify Uploader.jar.
  my end pupose is to allow Multi File Uploading on my site.
  I just want my users to accept my applet, and allow my applet to have read permissions enabled.
  I'm not sure if i need a policy file, and if so, where to put that? in the jar? in the same directory? or do I tell the Html file to link to where the policy file is.
  I don't want my users to have to do anything but accept my applet.
  below is my java code for the uploader.. I thought maybe I need to request permission there too.
  And below that is the html file located on the desktop that loads my applet... incase i need to put code in that too.. like a link to a policy file?
  JavaCode..
  /* This Applet will allow the user to upload multiple files at a time
  import java.awt.*;
  import java.awt.event.*;
  import java.applet.*;
  import java.io.File;
  import java.util.jar.*;
  import javax.swing.JFileChooser;
  import javax.swing.SwingUtilities;
  public class Uploader extends Applet implements ActionListener
       Button addFiles;
       Color bgColor;
       public void init()
            //this gets parameters from HTML to set the bgColor
            int r = Integer.parseInt(getParameter("r"), 16);
            int g = Integer.parseInt(getParameter("g"), 16);
            int b = Integer.parseInt(getParameter("b"), 16);
            //set bgColor
            bgColor = new Color(r,g,b);
            //change Background color to bgColor
            setBackground(bgColor);
          setLayout(new FlowLayout());
          addFiles = new Button("Add Files");
          //check if user wants to add files..
          addFiles.addActionListener(this);
          add(addFiles);
       public void actionPerformed(ActionEvent e) {
            //If the upload button was checked.. upload files..
            if (e.getSource() == addFiles){
                 SwingUtilities.invokeLater(new Runnable() {
                      public void run() {
                        JFileChooser fileChooser
                               = new JFileChooser(".");
                        fileChooser.setMultiSelectionEnabled(true);
                        int status = fileChooser.showOpenDialog(null);
                        if (status == JFileChooser.APPROVE_OPTION) {
                               File selectedFiles[] =
                                    fileChooser.getSelectedFiles();
                           for (int i=0,
                                n=selectedFiles.length; i<n; i++) {
                                     System.out.println("Selected: "
                                     + selectedFiles.getParent()
            + " --- "
            + selectedFiles[i].getName());
  HTML
  <!DOCTYPE html PUBLIC "-//w3c//dtd html 4.0 transitional//en">
  <html><head>
     <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
     <meta name="GENERATOR" content="Mozilla/4.51 [nl] (Win98; I) [Netscape]">
     <meta name="Author" content="Bavo Bruylandt (RealApplets.com)">
     <meta name="Description" content="Upload Multiple files at once.">
     <meta name="KeyWords" content="Java applet that uploads multiple files at once"><title>Upload-Multi - Applet</title></head>
  <body>
       <center>
            <applet code="Uploader.class" archive="Uploader.jar" height="30" width="100">
                   <param name="r" value="de">
                   <param name="g" value="ad">
                   <param name="b" value="00">
            </applet>
       </center>
  </body></html>

• Exchange 2013 don't unassign IIS Services from Certificate Self-Sign

  Hi,
  I Imported a new Public certificate to Exchange 2013 SP1 and assigned IIS Service, but IIS service keep assign to certificate self signed. Now, I have ISS services
  assigned in two certificate (self signed and public certificate), someone have seen it? What do I do now?
  Another question, Can I remove self-signed certificate? Is it any one service tied to Exchange?

  Hi,
  If possible, please provide more parameters(Status, IsSelfSigned etc.) about the certificate with IIS service:
  Get-ExchangeCertificate -Thumbprint
  382E9DCC4CCA38DA488345F7B46114BA91EBB8F0 | FL
  Get-ExchangeCertificate -Thumbprint
  86EE0029EBC8FDCC9F98572602E69F65226BAB76 | FL
  Please restart IIS service by running iisreset /noforce from a command prompt window. If the public certificate is configured correctly and has included all namespaces used for all Internal and external Exchange connections,
  we can remove the self-signed certificate safely.
  Thanks,
  Winnie Liang
  TechNet Community Support

• 802.1X ACS Self Signed External Windows DB

  I can configure the ACS server whit Self Signed and integrate it into a Windows database?
  The users will be authenticate whit 802.1X configured in a WLAN in WLC4400.

  Thanks Sthephen,
  I have configured this in the ACS:
  1. The ACS server is member server, for example LAB.
  2. In External User Database / Windows Database / Configure / In the configure domain list I select the domain called LAB.
  3. System Configuration/ACS Certificate Setup/Generate Self-Signed. I enter all parameter requerided and the certificate is created.
  4. The certificate is installed in the wireless client and the wireless profile is configured selecting the certificate. In the windows profile of the wireless conection, I uncheck the Automatically use my Windows logon name and password, this option is disable to use the local database of the ACS.
  The only configuration necessary for the integration of the ACS server whit the Windows domain. Is that the server is a member of the Windows domain and select the domain in the domain list in the acs? and check the option "Automatically use my Windows logon name and password"

• Keytool self-signed certificate.

  Using Keyman on hp-unix. Wanted to create self-signed certificate.
  When I tried to create, it asked to create keys. I created them. Then I could select self-signed and create it. This is listed under private certificates. Now what to do? For somebody to trust this certificate, do I have to take it to another database on another box?
  Say, I created a private certificate pc1 at Box1. For Box2 to trust Box1, I guess I need to take this certificate and put it on Box2. (exporting from box1 and importing to box2). Is this what I am supposed to do? Or am I understanding something different? If I am correct, it(keyman) is not giving me option to export the certificate.
  Please help.

  Using ikeyman, Not keytool

• Some clients migrated from 2007 is presented with the self signed certificate in 2013

  I have migrated from 2007 to 2013. I did a couple of test migrations and on the ones with domain member computers Outlook is giving a certificate warning. The certificate they are presented with is the default self signed certificate on the 2013 server.
  Even though I have added a trusted public certificate to Exchange and checked of to use With IIS.
  I see that the default certificate is also checked of to use With IIS and it cant be removed in ECS. Shouldnt this be removed from IIS all together when adding a New certificate? And why does some Clients gets presented With the self signed and some With
  the Public? For instance owa is presented With the Public cert. Also and Outlook I tested from outside the domain.
  Regards

  Only the UCC certificate should be bound to IIS.
  Are any clients using POP or IMAP, which also use SMTP?  In this case clients can be presented with the "wrong" certificate as well.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• Why does my MAC keep asking me to trust a self signed certificate that I indicated it should always trust?

  My company uses a Cisco Wireless Lan Controler solution.  The cert is self signed and every time i go to connect i prompts me VerifyCertificate.  When i show the certificate, the check box for for "Always Trust" is checked.  Also, all when i expand the Trust arrow, all the  options there say "Always Trust".  I then MUST click continue and put in my credentials (Active Directory) .  Then everhthing works, but I don't want to be prompted everytime i connect to wireless.
  Any thoughts?

  I never said I was happy with my defective product. I'll get it fixed, just as you said. But I'm far from an apple store at the moment, so his workaround works great for the moment. anth2013's answer told me that there is an issue with the newer macbook airs. That's all I needed to know: whether there was a problem with my router or with my dad's mac. And now I know that my dad's mac is defective. What, do you want me to mark your answer as the right one? If you're really desperate for the "reputation" then FINE, I'll mark your answer as "this solved my question". Just let me know. In fact I don't think I can change it now. His/her "answer" came first and broadly answered my question. I would me more than happy to say that you "helped me".
  As for you useless rage, I understand that you're angry with apple, but please direct it elsewhere, because you have no further help to contribute to this post. If you really think that your rage can help people, start your own thread, and stop bothering this thread. There is truly nothing left to contribute to this thread.

• Self sign applet without doing any change in policy file at client end

  Hi all,
  I developed an applet which make some webservice calls,
  I have given following permission in policy file at client end
  grant codeBase "http://nta2311:7001/-" {
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.util.PropertyPermission "*", "read, write";
  permission java.net.SocketPermission "*", "connect, resolve";
  with these settings applet is working fine
  Now I want to make applet signed in order to avoid policy file modifications
  for testing I want to self sign it
  please help me

  Signing applets:
  http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
  second post and reply 18 for the java class file using doprivileged
  http://forum.java.sun.com/thread.jsp?forum=63&thread=409341
  4th post explaining how to set up your own policy with your own keystore
  Still problems?
  A Full trace might help us out:
  http://forum.java.sun.com/thread.jspa?threadID=656028

• Applet signed w/ self-signed cert - different behaviors w different servers

  Folks,
  I'd really appreciate your help with the following.
  I'd like to deploy an applet as a signed jar. Probably at least in the beginning, and maybe indefinitely, I'd like to sign it with a self-signed cert. When I've tested this under Linux, loading the applet in a browser running on my desktop, from an apache2 webserver also running on the desktop, I get the expected behavior - I get a security dialog reporting that the applet was signed by an unrecognized CA, but allowing me to accept the applet's signature. However, when I try loading the applet from my server (i.e, browser still running on my desktop, but now loading the applet from the real webserver, which is also apache2), I don't get a security dialog, and the applet fails silently.
  Is there some way of configuring the webserver so that the security dialog is presented for a self-signed applet? What explains this difference?
  Thanks much,
  Matthew Fleming
  DermVision, LLC

  Double post answer has been given and ignored:
  http://forum.java.sun.com/thread.jspa?threadID=569012&messageID=2812525#2812525

• Applet signed w/ self-signed cert - different behavior w/ different servers

  Folks,
  I'd really appreciate your help with the following.
  I'd like to deploy an applet as a signed jar. Probably at least in the beginning, and maybe indefinitely, I'd like to sign it with a self-signed cert. When I've tested this under Linux, loading the applet in a browser running on my desktop, from an apache2 webserver also running on the desktop, I get the expected behavior - I get a security dialog reporting that the applet was signed by an unrecognized CA, but allowing me to accept the applet's signature. However, when I try loading the applet from my server (i.e, browser still running on my desktop, but now loading the applet from the real webserver, which is also apache2), I don't get a security dialog, and the applet fails silently.
  Is there some way of configuring the webserver so that the security dialog is presented for a self-signed applet? What explains this difference?
  Thanks much,
  Matthew Fleming
  DermVision, LLC

  policy files or Runtime Parameters could change the default behavior.
  The java.policy could have a line like this:
  permission java.lang.RuntimePermission "usePolicy";
  A full trace might show you what's going wrong.
  To turn the full trace on (windows) you can start the java console, to be found here:
  C:\Program Files\Java\j2re1.4...\bin\jpicpl32.exe
  In the advanced tab you can fill in something for runtime parameters fill in this:
  -Djavaplugin.trace=true -Djavaplugin.trace.option=basic|net|security|ext|liveconnect
  if you cannot start the java console check here:
  C:\Documents and Settings\userName\Application Data\Sun\Java\Deployment\deployment.properties
  I think for linux this is somewhere in youruserdir/java (hidden directory)
  add or change the following line:
  javaplugin.jre.params=-Djavaplugin.trace\=true -Djavaplugin.trace.option\=basic|net|security|ext|liveconnect
  for 1.5:
  deployment.javapi.jre.1.5.0.args=Djavaplugin.trace\=true -Djavaplugin.trace.option\=basic|net|security|ext|liveconnect
  The trace is here:
  C:\Documents and Settings\your user\Application Data\Sun\Java\Deployment\log\plugin...log
  I think for linux this is somewhere in youruserdir/java (hidden directory)

• Self signed applet problem

  Hello java gurus,
  I have a self signed applet which must read and write from mysql DB.
  The sign is OK, the popup "warning security" is here but I still have a SQL Exception :
  java.security.AccessControlException: access denied (java.util.PropertPermission file.encoding read)
  I don't want to change the java policy and I work on plugin 1.4.1_02.
  I think the problem is with the certificate cause it should give permission to applet, but it doesn't.
  Any help will be very pleasant

  From the plug-in control panel, click certificates
  then the Signer CA radio button. These are the
  certifying authorities that the client plug-in will
  accept as valid for signed code. Obviously, if any
  client would just accept self-signed code as trusted,
  it wouldn't provide much security. For a purely
  internal app, you can generate a cert and install it
  on the clients which will accept your own signing as
  trustworthy.I think I can deal with this properly if you just clear up one thing for me: when you say 'install it on the clients' do you mean use the Plug-In Control Panel to load the certificate using the "Certificates" tab? From there click the "Signed Applet" radio button and "Import" and browse for the cert file? Or does creating this HTML file and clicking on a link to the certificate do something else? I think I am generating my self-signed certificate correctly and signing my jar correctly, but my applet is failing to initialize. Any further help on this much-maligned topic? :)
  Thanks,
  B. Rintoul

• What are the default permissions for "self-signed" applets?

  Hello!
  I have a self-signed applet (=signed with a self made certificate) and under most plugin-enviroments java asks the user if it accepts this certificate as trustworth.
  On my linux-box I do not have any problems to write files to the local filesystem after I accepted this self-signed applet.
  However I've often read that users must grant some permissions even for signed applets, so is there a list of permissions that are denied by default?
  Are there differences between java releases starting with 1.2.2?
  Thanks in advance, lg Clemens

  Default settings are like you said, jre asks the user and everything will work.
  Unless.your applet uses classes that are not signed like with calls from javascript to your applet the plugin.jar is used and you'll get an exception when writing to files.
  When writing to files the OS might not allowe the user to write to a certain file or folder.
  Don't know what type of exception will be thrown if the OS doesn't allowe it but it has
  nothing to do with applet permissions.
  To change the default setting you can add the following line in the grant { bit of the
  java.policy
  permission java.lang.RuntimePermission "usePolicy";
  When this line is there all signatures will be ignored and an applet can only do extra
  things (like access to local files) if a policy is set up for this applet.
  To find out what's wrong at your clients site you should ask them to send a full trace
  and check that. I hope you did a .printStacktrace() on the exception in your code so
  you can see if any other classes are involved when the exception is thrown.
  To turn the full trace on (windows) you can start the java console, to be found here:
  C:\Program Files\Java\j2re1.4...\bin\jpicpl32.exe
  In the advanced tab you can fill in something for runtime parameters fill in this:
  -Djavaplugin.trace=true -Djavaplugin.trace.option=basic|net|security|ext|liveconnect
  if you cannot start the java console check here:
  C:\Documents and Settings\userName\Application Data\Sun\Java\Deployment\deployment.properties
  I think for linux this is somewhere in youruserdir/java (hidden directory)
  add or change the following line:
  javaplugin.jre.params=-Djavaplugin.trace\=true -Djavaplugin.trace.option\=basic|net|security|ext|liveconnect
  for 1.5:
  deployment.javapi.jre.1.5.0.args=-Djavaplugin.trace\=true -Djavaplugin.trace.option\=basic|net|security|ext|liveconnect
  The trace is here:
  C:\Documents and Settings\your user\Application Data\Sun\Java\Deployment\log\plugin...log
  I think for linux this is somewhere in youruserdir/java (hidden directory)

• Problem with importing and creating self signed SSL certificate

  Mac Pro, 10.7.2 Server.  Attempting to import or create a self signed certificate for use as ichat.domain.com to encrypt iChat service.  Server is acutally called server.domain.com but has an alias of ichat.domain.com.  I understand that this is probably not best practice but I would like to keep things this way since we have one server, run multiple services on it, but want to continue to connect to each service at SERVICE.domain.com.  We have been using this type of mismatched certificate with success since 10.4 or so.
  I am working through setup of 10.7 Server to replace our 10.6 server. 
  Tried upgrade of 10.6 to 10.7 installation.  The installation made a mess of some services and our Open Directory, but did move the certificate over and allowed iChat service to function properly.
  Clean install and setup of 10.7 Server.  Exported self signed certificate, private key, and encryption password from 10.6 Server and functioning 10.7 upgraded Server.
  On import or manual creation of certificate get the following error:
  Error
  Check your server's logs for more information.  The error (code 5001) was: Expected SecKeychainItemImport to return a SecIdentityRef, but it did not
  Log shows:
  Dec 29 17:56:55 server servermgrd[498]: -[CertsRequestHandler(HelperAdditions) importP12Data:passphrase:error:]: importedItems = (
                "<SecCertificate 0x7fcf6ed43c00 [0x7fff78d96f40]>"
  I have tried importing and manually creating other certificates with a variety of names with success.  I assume that there is something buried somewhere that is causing this particular one to be a problem.  Other than manually removing any remnants of the certificate from /etc/certficates I do not have any ideas what to try.  I am essentially ready to move this server to 10.7 except for this problem and would like to avoid a reinstall.
  Suggestions?
  -Erich

  Take a look here.
  https://bbs.archlinux.org/viewtopic.php?id=146649
  Maybe it's a problem with your network.