我有一个非常基本的Java Applet,使用我自己的证书签名。当我在我的网站上试用时,我收到消息说应用程序被安全设置阻止。已签名的java applet被安全设置屏蔽
这就是我所做的。 我签署使用jarsigner工具的jar文件:
jarsigner -keystore keystore.p12 -storetype pkcs12 -tsa http://timestamp.comodoca.com/rfc3161 TestApplet1.jar codesign
当我确认这一切看起来好像没什么问题的jar:
$ jarsigner -verify -verbose -certs TestApplet1.jar
s k 415 Thu Oct 09 12:19:18 CEST 2014 META-INF/MANIFEST.MF
[entry was signed on 9-10-14 12:19]
X.509, [email protected], CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
496 Thu Oct 09 12:19:18 CEST 2014 META-INF/CODESIGN.SF
4666 Thu Oct 09 12:19:18 CEST 2014 META-INF/CODESIGN.RSA
smk 226 Tue Oct 07 16:31:54 CEST 2014 .classpath
[entry was signed on 9-10-14 12:19]
X.509, [email protected], CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
smk 370 Tue Oct 07 16:31:54 CEST 2014 .project
[entry was signed on 9-10-14 12:19]
X.509, [email protected], CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
smk 792 Tue Oct 07 16:34:30 CEST 2014 nl/test/applet/TestApplet1.class
[entry was signed on 9-10-14 12:19]
X.509, [email protected], CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
0 Tue Oct 07 16:33:50 CEST 2014 nl/
0 Tue Oct 07 16:33:50 CEST 2014 nl/test/
0 Tue Oct 07 16:33:50 CEST 2014 nl/test/applet/
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
我创建了标记一个非常基本的HTML文件:
<body>
<p>Test page TestApplet1</p>
<applet code="nl.test.applet.TestApplet1.class"
archive="TestApplet1.jar"
id="TestApplet1"
height="0" width="0">
</applet>
<script type="text/javascript">
alert(document.getElementById("TestApplet1").helloWorld());
</script>
</body>
但是,当我将它部署在我的测试网站上并尝试运行小程序时,该小程序被安全设置阻止。我收到的消息是:“您的安全设置已阻止不可信的应用程序运行”。
当我将安全级别设置为“中”,使用Java控制面板,然后我再打开网页,我得到了安全警告:“从以下位置的未签名的应用程序要求运行许可。“
我的方法有什么问题?
顺便说一句,我已经将我的CA证书导入到IE证书存储中的受信任根CA中,并在Java控制面板中管理证书。
任何建议是值得欢迎的。
你说:“请确保您使用https”开头;这意味着您无法从非SSL网站运行小程序?!我从来没有读过关于小程序的任何文档。但是,我确定我会试一试。顺便说一下,我的最终小程序将运行在https网站上,所以如果这是解决方案,那么我会很高兴;) – 2014-10-10 13:37:48
拥有有效的证书来签署applet和有效的网站证书非常重要。否则,你的客户会有很多烦人的警告。 – rimas 2014-10-10 17:12:14
我在SSL网站上测试了我的小程序,并且确实没有抱怨。我仍然使用自己的证书链,SSL站点拥有与我的代码签名证书相同的CA颁发的证书。当我们上市时,我们将使用VeriSign或其他可信第三方颁发的证书。 – 2014-10-14 11:38:20