Java applet won't load in IE after Java 8 upgrade

Question

I have a Java applet that I use to read SD card data from a user's PC. The applet lives on a web site that you log in to. To log-in to the web site you must use a browser certificate. Once you're logged in, you go to the SD card download page, the applet initializes, reads the card data, and sends it to some JavaScript on the page.

The issue that I have now is that the applet does not load since installing Java 8 on my browser. Specifically it does not work in any version of IE (tested 8, 9, 10, and 11). It runs fine in Firefox. I have not tried Chrome.

I haven't found anyone else who has a similar issue. It could be because it is relatively new. Does anyone know why this is happening and have any idea how to fix it?

There is a stacktrace in the Java console in IE8 that looks relevant. Here are some interesting pieces:

javax.net.ssl.SSLHandshakeException: Error signing certificate verify
...
Caused by: java.security.InvalidKeyException: No installed provider supports this key: com.sun.deploy.security.MSCryptoRSAPrivateKey
...
com.sun.deploy.net.FailedDownloadException: Unable to load resource: https://xdc-fqq02.example.com/cardtocloud/cardtocloud.jnlp

Edit: Here's an additional piece of info. The applet works correctly on a different server with with OpenSSL 1.0.1i. The applet does not work with the original server which has OpenSSL 1.0.0m.

Here is the full log. The stacktrace does not appear in the log for Firefox.

Java Plug-in 11.25.2.18
Using JRE version 1.8.0_25-b18 Java HotSpot(TM) Client VM
User home directory = C:\Users\codyj
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
l:   dump classloader list
m:   print memory usage
o:   trigger logging
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
x:   clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------
network: Created version ID: 1.8.0.25
network: Created version ID: 1.8
network: Created version ID: 8.0.25
network: Connecting https://xdc-fqq02.example.com/cardtocloud/cardtocloud.jnlp with proxy=DIRECT
network: Connecting http://xdc-fqq02.example.com:443/ with proxy=DIRECT
security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre1.8.0_25\lib\security\cacerts
security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre1.8.0_25\lib\security\cacerts
security: Obtain certificate collection in SSL Root CA certificate store
security: Obtain certificate collection in SSL Root CA certificate store
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Internet Explorer ROOT certificate store
security: Loaded certificates from Internet Explorer ROOT certificate store
security: Loading certificates from Internet Explorer DISALLOWED certificate store
security: Loaded certificates from Internet Explorer DISALLOWED certificate store
security: Loaded blacklisted.certs file: C:\Users\codyj\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs
security: SHA-256Certificate finger print: F94D2C80A1172FC591F964D4DC0E8BAF493C92FE678B6B8B07D362607EBD33AB
security: Checking if certificate is in Internet Explorer DISALLOWED certificate store
security: SHA-256Certificate finger print: 0855414AF5F5FD7E264F8B002A39CCED67E5952E89B61B680CC847BAA34944DE
security: Checking if certificate is in Internet Explorer DISALLOWED certificate store
security: SHA-256Certificate finger print: 0AE1484292B20EE696D4593DBE46F91479F8DAD58FC057CFD52FA3FA8FB3CE4B
security: Checking if certificate is in Internet Explorer DISALLOWED certificate store
security: Checking if SSL certificate is in Deployment permanent certificate store
security: Loading certificates from Internet Explorer ROOT certificate store
security: Loaded certificates from Internet Explorer ROOT certificate store
security: Saving certificates in Deployment session certificate store
security: Saved certificates in Deployment session certificate store
javax.net.ssl.SSLHandshakeException: Error signing certificate verify
  at sun.security.ssl.Alerts.getSSLException(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
  at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
  at sun.security.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
  at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
  at sun.security.ssl.Handshaker.processLoop(Unknown Source)
  at sun.security.ssl.Handshaker.process_record(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at java.security.AccessController.doPrivileged(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
  at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
  at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
  at com.sun.deploy.net.BasicHttpRequest.doGetRequestEX(Unknown Source)
  at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
  at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)
  at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
  at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
  at com.sun.deploy.model.ResourceProvider.getResource(Unknown Source)
  at com.sun.javaws.jnl.LaunchDescFactory._buildDescriptor(Unknown Source)
  at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
  at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
  at sun.plugin2.applet.JNLP2Manager.initialize(Unknown Source)
  at sun.plugin2.main.client.PluginMain.initManager(Unknown Source)
  at sun.plugin2.main.client.PluginMain.access$200(Unknown Source)
  at sun.plugin2.main.client.PluginMain$2.run(Unknown Source)
  at java.lang.Thread.run(Unknown Source)
Caused by: java.security.InvalidKeyException: No installed provider supports this key: com.sun.deploy.security.MSCryptoRSAPrivateKey
  at java.security.Signature$Delegate.chooseProvider(Unknown Source)
  at java.security.Signature$Delegate.engineInitSign(Unknown Source)
  at java.security.Signature.initSign(Unknown Source)
  at sun.security.ssl.HandshakeMessage$CertificateVerify.<init>(Unknown Source)
  ... 34 more
network: Connecting https://xdc-fqq02.example.com/cardtocloud/cardtocloud.jnlp with proxy=DIRECT
network: Connecting http://xdc-fqq02.example.com:443/ with proxy=DIRECT
security: Obtain certificate collection in SSL Root CA certificate store
security: Obtain certificate collection in SSL Root CA certificate store
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: SHA-256Certificate finger print: F94D2C80A1172FC591F964D4DC0E8BAF493C92FE678B6B8B07D362607EBD33AB
security: Checking if certificate is in Internet Explorer DISALLOWED certificate store
security: SHA-256Certificate finger print: 0855414AF5F5FD7E264F8B002A39CCED67E5952E89B61B680CC847BAA34944DE
security: Checking if certificate is in Internet Explorer DISALLOWED certificate store
security: SHA-256Certificate finger print: 0AE1484292B20EE696D4593DBE46F91479F8DAD58FC057CFD52FA3FA8FB3CE4B
security: Checking if certificate is in Internet Explorer DISALLOWED certificate store
javax.net.ssl.SSLHandshakeException: Error signing certificate verify
  at sun.security.ssl.Alerts.getSSLException(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
  at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
  at sun.security.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
  at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
  at sun.security.ssl.Handshaker.processLoop(Unknown Source)
  at sun.security.ssl.Handshaker.process_record(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at java.security.AccessController.doPrivileged(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
  at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
  at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
  at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
  at com.sun.deploy.net.BasicHttpRequest.doGetRequest(Unknown Source)
  at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
  at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)
  at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
  at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
  at com.sun.deploy.model.ResourceProvider.getResource(Unknown Source)
  at com.sun.javaws.jnl.LaunchDescFactory._buildDescriptor(Unknown Source)
  at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
  at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
  at sun.plugin2.applet.JNLP2Manager.initialize(Unknown Source)
  at sun.plugin2.main.client.PluginMain.initManager(Unknown Source)
  at sun.plugin2.main.client.PluginMain.access$200(Unknown Source)
  at sun.plugin2.main.client.PluginMain$2.run(Unknown Source)
  at java.lang.Thread.run(Unknown Source)
Caused by: java.security.InvalidKeyException: No installed provider supports this key: com.sun.deploy.security.MSCryptoRSAPrivateKey
  at java.security.Signature$Delegate.chooseProvider(Unknown Source)
  at java.security.Signature$Delegate.engineInitSign(Unknown Source)
  at java.security.Signature.initSign(Unknown Source)
  at sun.security.ssl.HandshakeMessage$CertificateVerify.<init>(Unknown Source)
  ... 35 more
com.sun.deploy.net.FailedDownloadException: Unable to load resource: https://xdc-fqq02.example.com/cardtocloud/cardtocloud.jnlp
  at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
  at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)
  at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
  at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
  at com.sun.deploy.model.ResourceProvider.getResource(Unknown Source)
  at com.sun.javaws.jnl.LaunchDescFactory._buildDescriptor(Unknown Source)
  at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
  at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
  at sun.plugin2.applet.JNLP2Manager.initialize(Unknown Source)
  at sun.plugin2.main.client.PluginMain.initManager(Unknown Source)
  at sun.plugin2.main.client.PluginMain.access$200(Unknown Source)
  at sun.plugin2.main.client.PluginMain$2.run(Unknown Source)
  at java.lang.Thread.run(Unknown Source)
Caused by:
javax.net.ssl.SSLHandshakeException: Error signing certificate verify
  at sun.security.ssl.Alerts.getSSLException(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
  at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
  at sun.security.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
  at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
  at sun.security.ssl.Handshaker.processLoop(Unknown Source)
  at sun.security.ssl.Handshaker.process_record(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
  at java.security.AccessController.doPrivileged(Native Method)
  at java.security.AccessController.doPrivileged(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
  at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
  at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
  at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
  at com.sun.deploy.net.BasicHttpRequest.doGetRequest(Unknown Source)
  at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
  at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)
  at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
  at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
  at com.sun.deploy.model.ResourceProvider.getResource(Unknown Source)
  at com.sun.javaws.jnl.LaunchDescFactory._buildDescriptor(Unknown Source)
  at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
  at com.sun.javaws.jnl.LaunchDescFactory.buildDescriptor(Unknown Source)
  at sun.plugin2.applet.JNLP2Manager.initialize(Unknown Source)
  at sun.plugin2.main.client.PluginMain.initManager(Unknown Source)
  at sun.plugin2.main.client.PluginMain.access$200(Unknown Source)
  at sun.plugin2.main.client.PluginMain$2.run(Unknown Source)
  at java.lang.Thread.run(Unknown Source)
Caused by: java.security.InvalidKeyException: No installed provider supports this key: com.sun.deploy.security.MSCryptoRSAPrivateKey
  at java.security.Signature$Delegate.chooseProvider(Unknown Source)
  at java.security.Signature$Delegate.engineInitSign(Unknown Source)
  at java.security.Signature.initSign(Unknown Source)
  at sun.security.ssl.HandshakeMessage$CertificateVerify.<init>(Unknown Source)
  ... 35 more
network: Connecting https://xdc-fqq02.example.com/cardtocloud/cardtocloud.jnlp with proxy=DIRECT
network: Connecting http://xdc-fqq02.example.com:443/ with proxy=DIRECT
security: Obtain certificate collection in SSL Root CA certificate store
security: Obtain certificate collection in SSL Root CA certificate store
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: SHA-256Certificate finger print: F94D2C80A1172FC591F964D4DC0E8BAF493C92FE678B6B8B07D362607EBD33AB
security: Checking if certificate is in Internet Explorer DISALLOWED certificate store
security: SHA-256Certificate finger print: 0855414AF5F5FD7E264F8B002A39CCED67E5952E89B61B680CC847BAA34944DE
security: Checking if certificate is in Internet Explorer DISALLOWED certificate store
security: SHA-256Certificate finger print: 0AE1484292B20EE696D4593DBE46F91479F8DAD58FC057CFD52FA3FA8FB3CE4B
security: Checking if certificate is in Internet Explorer DISALLOWED certificate store
basic: JNLP2Manager.initialize(): JNLP not available: /cardtocloud/cardtocloud.jnlp
basic: exception: null.
java.lang.NullPointerException
  at sun.plugin2.applet.JNLP2Manager.getAppInfo(Unknown Source)
  at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
  at java.lang.Thread.run(Unknown Source)
Ignored exception: java.lang.NullPointerException
basic: Dialog type is not candidate for embedding
security: Reset deny session certificate store

Answer 1

Have you tried turning off "TLS 1.2" in your Java Console?

Java8 seems to use TLS 1.2 as default, so in case your server doesn't support it, you might get the same error as you mentioned.

https://blogs.oracle.com/java-platform-group/entry/java_8_will_use_tls