我有一個非常基本的Java Applet,使用我自己的證書籤名。當我在我的網站上試用時,我收到消息說應用程序被安全設置阻止。已簽名的java applet被安全設置屏蔽
這就是我所做的。 我簽署使用jarsigner工具的jar文件:
jarsigner -keystore keystore.p12 -storetype pkcs12 -tsa http://timestamp.comodoca.com/rfc3161 TestApplet1.jar codesign
當我確認這一切看起來好像沒什麼問題的jar:
$ jarsigner -verify -verbose -certs TestApplet1.jar
s k 415 Thu Oct 09 12:19:18 CEST 2014 META-INF/MANIFEST.MF
[entry was signed on 9-10-14 12:19]
X.509, [email protected], CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
496 Thu Oct 09 12:19:18 CEST 2014 META-INF/CODESIGN.SF
4666 Thu Oct 09 12:19:18 CEST 2014 META-INF/CODESIGN.RSA
smk 226 Tue Oct 07 16:31:54 CEST 2014 .classpath
[entry was signed on 9-10-14 12:19]
X.509, [email protected], CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
smk 370 Tue Oct 07 16:31:54 CEST 2014 .project
[entry was signed on 9-10-14 12:19]
X.509, [email protected], CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
smk 792 Tue Oct 07 16:34:30 CEST 2014 nl/test/applet/TestApplet1.class
[entry was signed on 9-10-14 12:19]
X.509, [email protected], CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
0 Tue Oct 07 16:33:50 CEST 2014 nl/
0 Tue Oct 07 16:33:50 CEST 2014 nl/test/
0 Tue Oct 07 16:33:50 CEST 2014 nl/test/applet/
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
我創建了標記一個非常基本的HTML文件:
<body>
<p>Test page TestApplet1</p>
<applet code="nl.test.applet.TestApplet1.class"
archive="TestApplet1.jar"
id="TestApplet1"
height="0" width="0">
</applet>
<script type="text/javascript">
alert(document.getElementById("TestApplet1").helloWorld());
</script>
</body>
但是,當我將它部署在我的測試網站上並嘗試運行小程序時,該小程序被安全設置阻止。我收到的消息是:「您的安全設置已阻止不可信的應用程序運行」。
當我將安全級別設置爲「中」,使用Java控制面板,然後我再打開網頁,我得到了安全警告:「從以下位置的未簽名的應用程序要求運行許可。「
我的方法有什麼問題?
順便說一句,我已經將我的CA證書導入到IE證書存儲中的受信任根CA中,並在Java控制面板中管理證書。
任何建議是值得歡迎的。
你說:「請確保您使用https」開頭;這意味着您無法從非SSL網站運行小程序?!我從來沒有讀過關於小程序的任何文檔。但是,我確定我會試一試。順便說一下,我的最終小程序將運行在https網站上,所以如果這是解決方案,那麼我會很高興;) – 2014-10-10 13:37:48
擁有有效的證書來簽署applet和有效的網站證書非常重要。否則,你的客戶會有很多煩人的警告。 – rimas 2014-10-10 17:12:14
我在SSL網站上測試了我的小程序,並且確實沒有抱怨。我仍然使用自己的證書鏈,SSL站點擁有與我的代碼簽名證書相同的CA頒發的證書。當我們上市時,我們將使用VeriSign或其他可信第三方頒發的證書。 – 2014-10-14 11:38:20