How to make a machine trust a self-signed Java application

Question

I'm deploying an application using JAWS, and it worked until late 2013 when I got a warning, and then this morning Java completely blocked it. The message in French is:

Application bloquée par les paramètres de sécurité
Vos paramètres de sécurité ont bloqué l'exécution d'une application auto-signée avec une version obsolete ou arrivée à expiration de Java.

which would translate roughly as:

Application blocked by the security settings
Your security settings have blocked from running an application that has been self-signed with an obsolete or outdated Java.

The grammar is not that clear, the end of the sentence could be read as either:

• ...blocked a self-signed application from running with an obsolete or outdated Java [runtime], meaning that the local runtime is too old, but the self-signature is fine
• ...blocked an application that has been self-signed with an obsolete or outdated Java [compiler], meaning that the Java compiler used is too old

I searched online for the exact same message in English, but I couldn't find it. So the grammar is still unclear. Note that on the message there is no Name: xyz / From: http://url/, there's only the text I typed above, and a blue "i" icon.

Now, I don't really understand the exact meaning of this error message, but I know that there is an issue because my JAR files are all self-signed. I have already faced this on other Windows clients, and it was easy:

• I extracted a .cer certificate from my keystore;
• Downloaded it on the client machine, open it;
• Made the customers install it as a trusted source on their local machine.

It worked like a charm on my test setup and for one customer, but another one still has the issue and cannot run my software.

This is a big issue from me, and I don't know what to do. Should I upgrade my Java compiler, recompile everything, sign every JAR file again and cross fingers? How can I make that Windows box trust my certificate and let the Java application run?

Answer 1

Just Go To *Startmenu >>Java >>Configure Java >> Security >> Edit site list >> copy and paste your Link with problem >> OK Problem fixed :)*

Answer 2

SERIOUS DISCLAIMER

This solution has a serious security flaw. Please use at your own risk.
Have a look at the comments on this post, and look at all the answers to this question.

---

OK, I had to go to the customer premises and found a solution. I:

• Exported the keystore that holds the signing keys in PKCS #12 format
• Opened control panel Java -> Security tab
• Clicked Manage certificates
• Imported this new keystore as a secure site CA

Then I opened the JAWS application without any warning. This is a little bit cumbersome, but much cheaper than buying a signed certificate!