Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to make a machine trust a self-signed Java application

I'm deploying an application using JAWS, and it worked until late 2013 when I got a warning, and then this morning Java completely blocked it. The message in French is:

Application bloquée par les paramètres de sécurité
Vos paramètres de sécurité ont bloqué l'exécution d'une application auto-signée avec une version obsolete ou arrivée à expiration de Java.

which would translate roughly as:

Application blocked by the security settings
Your security settings have blocked from running an application that has been self-signed with an obsolete or outdated Java.

The grammar is not that clear, the end of the sentence could be read as either:

  • ...blocked a self-signed application from running with an obsolete or outdated Java [runtime], meaning that the local runtime is too old, but the self-signature is fine
  • ...blocked an application that has been self-signed with an obsolete or outdated Java [compiler], meaning that the Java compiler used is too old

I searched online for the exact same message in English, but I couldn't find it. So the grammar is still unclear. Note that on the message there is no Name: xyz / From: http://url/, there's only the text I typed above, and a blue "i" icon.

Now, I don't really understand the exact meaning of this error message, but I know that there is an issue because my JAR files are all self-signed. I have already faced this on other Windows clients, and it was easy:

  • I extracted a .cer certificate from my keystore;
  • Downloaded it on the client machine, open it;
  • Made the customers install it as a trusted source on their local machine.

It worked like a charm on my test setup and for one customer, but another one still has the issue and cannot run my software.

This is a big issue from me, and I don't know what to do. Should I upgrade my Java compiler, recompile everything, sign every JAR file again and cross fingers? How can I make that Windows box trust my certificate and let the Java application run?

like image 730
Benoit Duffez Avatar asked Jan 16 '14 09:01

Benoit Duffez


People also ask

How do I enable self signed applications in Java?

Inside the Control Panel window, click on Programs, then click on the Java icon to open the Java Control Panel. Inside the Java Control Panel window, go to the Security tab and select the High toggle from under the Security level for applications, not on the Exception Site List. Then, click Apply to save the changes.


2 Answers

Just Go To *Startmenu >>Java >>Configure Java >> Security >> Edit site list >> copy and paste your Link with problem >> OK Problem fixed :)*

like image 135
Mehdi Avatar answered Sep 23 '22 05:09

Mehdi


SERIOUS DISCLAIMER

This solution has a serious security flaw. Please use at your own risk.
Have a look at the comments on this post, and look at all the answers to this question.


OK, I had to go to the customer premises and found a solution. I:

  • Exported the keystore that holds the signing keys in PKCS #12 format
  • Opened control panel Java -> Security tab
  • Clicked Manage certificates
  • Imported this new keystore as a secure site CA

Then I opened the JAWS application without any warning. This is a little bit cumbersome, but much cheaper than buying a signed certificate!

like image 35
Benoit Duffez Avatar answered Sep 24 '22 05:09

Benoit Duffez