我有一个用我自己的证书签名的非常基本的Java Applet . 当我在我的网站上试用它时,我收到的消息是应用程序被安全设置阻止 .
这就是我做的 . 我使用jarsigner工具签署了jar文件:
jarsigner -keystore keystore.p12 -storetype pkcs12 -tsa http://timestamp.comodoca.com/rfc3161 TestApplet1.jar codesign
当我验证 jar 时,我看起来都很好:
$ jarsigner -verify -verbose -certs TestApplet1.jar
s k 415 Thu Oct 09 12:19:18 CEST 2014 META-INF/MANIFEST.MF
[entry was signed on 9-10-14 12:19]
X.509, EMAILADDRESS=test@test.nl, CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
496 Thu Oct 09 12:19:18 CEST 2014 META-INF/CODESIGN.SF
4666 Thu Oct 09 12:19:18 CEST 2014 META-INF/CODESIGN.RSA
smk 226 Tue Oct 07 16:31:54 CEST 2014 .classpath
[entry was signed on 9-10-14 12:19]
X.509, EMAILADDRESS=test@test.nl, CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
smk 370 Tue Oct 07 16:31:54 CEST 2014 .project
[entry was signed on 9-10-14 12:19]
X.509, EMAILADDRESS=test@test.nl, CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
smk 792 Tue Oct 07 16:34:30 CEST 2014 nl/test/applet/TestApplet1.class
[entry was signed on 9-10-14 12:19]
X.509, EMAILADDRESS=test@test.nl, CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
0 Tue Oct 07 16:33:50 CEST 2014 nl/
0 Tue Oct 07 16:33:50 CEST 2014 nl/test/
0 Tue Oct 07 16:33:50 CEST 2014 nl/test/applet/
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
我用标签创建了一个非常基本的html文件:
<body>
<p>Test page TestApplet1</p>
<applet code="nl.test.applet.TestApplet1.class"
archive="TestApplet1.jar"
id="TestApplet1"
height="0" width="0">
</applet>
<script type="text/javascript">
alert(document.getElementById("TestApplet1").helloWorld());
</script>
</body>
但是当我在测试网站上部署它并尝试运行applet时,安全设置会阻止applet . 我收到的消息是:“ Your security settings have blocked an untrusted application from running ” .
当我将安全级别设置为“Medium ", using the Java Control Panel, and then I open the webpage again I get the security warning: " An unsigned application from the location below is requested permission to run. ”时
我的做法有什么问题?
顺便说一下,我已经将我的CA证书导入了IE证书存储区和Java控制面板中管理的证书中的受信任根CA.
任何建议都是受欢迎的 .
2 回答
您需要执行以下步骤:
用钥匙对所有 jar 签名
确保使用https .
如果您使用http或自签名的ssl证书进行https,则需要将主机添加到安全例外列表中(jcontrol - >安全选项卡 - >编辑站点列表)
看看this link
基本上,自签名小程序的行为与您注意到的方式相同 . 这是因为Java的安全标准 . 如果要删除警告,则需要购买证书 .
希望这可以帮助 .