Hot questions for Using Applets in ssl

Question:

I have written an applet that needs to use NetworkManager class. Said applet will only be executed in known kiosks of us, and I will put these kiosks into separate places. And the applet needs to be executed without a notification, or without blocking the whole site.

Now the question: even if I created a self-signed certificate and signed the JAR with it, it does ask to get permissions (or to get executed) every now and then.

I put the certificate into kiosks and tried to add them as trusted via Java settings. I also added the applet location and the location that calls the applet (root URLs) as trusted websites via Java settings, and nothing changed.

I am not good at Java, therefore any help will be appreciated.


Answer:

Now the question: even if I created a self-signed certificate and signed the JAR with it, it does ask to get permissions (or to get executed) every now and then.

Yes, I believe this is documented behavior. From Signed Code FAQ - Security Manifest Changes.

Why don't I see the option to select Do not show this again for this app in the security dialog for an unsigned application?

Starting with Java 7 Update 40, the option to select Do not show this again for this app is no longer available. Unlike previous versions a user cannot suppress the security dialog for an unsigned application and will have to select the option, I accept the risk and want to run this app, each time to run the unsigned application.


You might also be able to distribute the self signed to your kiosks so they are trusted. See Self-signed certificates for a known community. And also see Upcoming Exception Site List in 7u51.

Question:

We have a web app running on IIS, there is sensitive information so we are requiring SSL. The web app uses a java applet to digitally sign a pdf.

When we turn off SSL the applet runs fine, when SSL is on this error occurs http://imgur.com/mtEzfxq

We have a valid SSL certificate applied also.

Please let me know if there is any information I need to add, much appreciated.


Answer:

After a lot of messing around with Authentication settings on IIS we found the problem. For our specific application we needed to turn the site authentication to Windows while setting the WebResource.axd and a few folders pertaining to the applet to Anonymous.

If anyone else is having this issue mess around with the IIS authentication settings as there is probably something your applet is trying to access as Anonymous and cannot.

Question:

How to avoid this message on Windows XP, please?

I have tried to create the exception for my domain (with trusted SSL certificate) in Java settings, put all the security levels to the lovest values but this warning still occurs.

It is really annoying when I have to click on this 3 times a minute (Zebra printer printing applet).

Thanks


Answer:

'Trusted SSL certificate' is irrelevant. You need to sign the applet with a trusted signing certificate.

Question:

I have an applet embedded in jsp (IBM FileNet JavaViwer) which loads the document in jsp page.

The applet loads fine over over http requests.

but with https i am facing problems.

Applet loads with https my devserver deployed on WAS (Without any webserver in place) jre5 or jre6 installed clients can view it perfectly.

But in my test environment where IHS server sit in front of WAS, Applet loading fails with classnot found exception for jre 5 clients. for Jre 6 clients applet loads with https on test server as well.

Below is Java Console Log:


Java Plug-in 1.5.0_15
Using JRE version 1.5.0_15 Java HotSpot(TM) Client VM
User home directory = C:\Users\user1


basic: Cache is enabled
basic: Location: C:\Users\user1\AppData\LocalLow\Sun\Java\Deployment\cache\javapi\v1.0
basic: Maximum size: unlimited
basic: Compression level: 0

basic: Plugin modality.register
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
l:   dump classloader list
m:   print memory usage
o:   trigger logging
p:   reload proxy configuration
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
x:   clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------

basic: Registered modality listener
liveconnect: Invoking JS method: document
liveconnect: Invoking JS method: URL
basic: Referencing classloader: sun.plugin.ClassLoaderInfo@ee6681, refcount=1
basic: Added progress listener: sun.plugin.util.GrayBoxPainter@1fd6bea
basic: Loading applet ...
basic: Initializing applet ...
basic: Starting applet ...
basic: Referencing classloader: sun.plugin.ClassLoaderInfo@ee6681, refcount=2
basic: Releasing classloader: sun.plugin.ClassLoaderInfo@ee6681, refcount=1
basic: httpCompression = true
liveconnect: Invoking JS method: execScript
liveconnect: Invoking JS method: evalIntermediateValueToReturn
network: Connecting https://X.X.X.X:443/myApp/FnJavaV1Files/ji.jar with proxy=HTTP @ /Y.Y.Y.Y:8080
network: Connecting https://X.X.X.X:443/myApp/FnJavaV1Files/ji/applet/jiApplet.class with proxy=HTTP @ /Y.Y.Y.Y:8080
network: Connecting https://X.X.X.X:443/myApp/FnJavaV1Files/ji/applet/jiApplet/class.class with proxy=HTTP @ /Y.Y.Y.Y:8080
load: class ji.applet.jiApplet.class not found.
java.lang.ClassNotFoundException: ji.applet.jiApplet.class
 at sun.applet.AppletClassLoader.findClass(Unknown Source)
 at java.lang.ClassLoader.loadClass(Unknown Source)
 at sun.applet.AppletClassLoader.loadClass(Unknown Source)
 at java.lang.ClassLoader.loadClass(Unknown Source)
 at sun.applet.AppletClassLoader.loadCode(Unknown Source)
 at sun.applet.AppletPanel.createApplet(Unknown Source)
 at sun.plugin.AppletViewer.createApplet(Unknown Source)
 at sun.applet.AppletPanel.runLoader(Unknown Source)
 at sun.applet.AppletPanel.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)
basic: Exception: java.lang.ClassNotFoundException: ji.applet.jiApplet.class
java.lang.ClassNotFoundException: ji.applet.jiApplet.class
 at sun.applet.AppletClassLoader.findClass(Unknown Source)
 at java.lang.ClassLoader.loadClass(Unknown Source)
 at sun.applet.AppletClassLoader.loadClass(Unknown Source)
 at java.lang.ClassLoader.loadClass(Unknown Source)
 at sun.applet.AppletClassLoader.loadCode(Unknown Source)
 at sun.applet.AppletPanel.createApplet(Unknown Source)
 at sun.plugin.AppletViewer.createApplet(Unknown Source)
 at sun.applet.AppletPanel.runLoader(Unknown Source)
 at sun.applet.AppletPanel.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)
basic: Plugin modality.pushed
basic: Modality pushed
basic: push javax.swing.JDialog[dialog0,549,317,268x134,layout=java.awt.BorderLayout,modal,title=Error - Java,defaultCloseOperation=HIDE_ON_CLOSE,rootPane=javax.swing.JRootPane[,3,25,262x106,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]
basic: Plugin modality.pushed
basic: Modality pushed
basic: push javax.swing.JDialog[dialog0,549,317,422x303,layout=java.awt.BorderLayout,modal,title=Error - Java,defaultCloseOperation=HIDE_ON_CLOSE,rootPane=javax.swing.JRootPane[,3,25,416x275,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]
basic: Plugin modality.popped
basic: Modality popped
basic: pop javax.swing.JDialog[dialog0,549,317,422x303,invalid,hidden,layout=java.awt.BorderLayout,modal,title=Error - Java,defaultCloseOperation=HIDE_ON_CLOSE,rootPane=javax.swing.JRootPane[,3,25,416x275,invalid,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]
basic: Plugin modality.popped
basic: Modality popped
basic: pop javax.swing.JDialog[dialog0,549,317,422x303,invalid,hidden,layout=java.awt.BorderLayout,modal,title=Error - Java,defaultCloseOperation=HIDE_ON_CLOSE,rootPane=javax.swing.JRootPane[,3,25,416x275,invalid,layout=javax.swing.JRootPane$RootLayout,alignmentX=0.0,alignmentY=0.0,border=,flags=16777673,maximumSize=,minimumSize=,preferredSize=],rootPaneCheckingEnabled=true]

Answer:

Turns out that the Webserver in test environment is not supporting SSLV3 protocol. It supports only TLSV1. Jre 5 clients by default uses SSLv2Hello & SSLv3 so error is thrown as there is no common protocol. However jre 6 clients default runs on SSLv3 & TLV1, in this case TLSV1 is common protocol btw client and webserver and connection is succesful and applet loads fine.

Error message ClassNotFound is quite weird though..