已签名的java小程序被安全设置阻止
我有一个用我自己的证书签名的非常基本的Java小程序。当我在我的网站上试用时,我得到一条消息,应用程序被安全设置阻止 这就是我所做的。 我使用jarsigner工具对jar文件进行了签名:已签名的java小程序被安全设置阻止,java,security,applet,jar-signing,Java,Security,Applet,Jar Signing,我有一个用我自己的证书签名的非常基本的Java小程序。当我在我的网站上试用时,我得到一条消息,应用程序被安全设置阻止 这就是我所做的。 我使用jarsigner工具对jar文件进行了签名: jarsigner -keystore keystore.p12 -storetype pkcs12 -tsa http://timestamp.comodoca.com/rfc3161 TestApplet1.jar codesign 当我验证罐子时,我觉得一切正常: $ jarsigner -veri
jarsigner -keystore keystore.p12 -storetype pkcs12 -tsa http://timestamp.comodoca.com/rfc3161 TestApplet1.jar codesign
当我验证罐子时,我觉得一切正常:
$ jarsigner -verify -verbose -certs TestApplet1.jar
s k 415 Thu Oct 09 12:19:18 CEST 2014 META-INF/MANIFEST.MF
[entry was signed on 9-10-14 12:19]
X.509, EMAILADDRESS=test@test.nl, CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
496 Thu Oct 09 12:19:18 CEST 2014 META-INF/CODESIGN.SF
4666 Thu Oct 09 12:19:18 CEST 2014 META-INF/CODESIGN.RSA
smk 226 Tue Oct 07 16:31:54 CEST 2014 .classpath
[entry was signed on 9-10-14 12:19]
X.509, EMAILADDRESS=test@test.nl, CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
smk 370 Tue Oct 07 16:31:54 CEST 2014 .project
[entry was signed on 9-10-14 12:19]
X.509, EMAILADDRESS=test@test.nl, CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
smk 792 Tue Oct 07 16:34:30 CEST 2014 nl/test/applet/TestApplet1.class
[entry was signed on 9-10-14 12:19]
X.509, EMAILADDRESS=test@test.nl, CN=codesigning 2014, OU=Test, O="Test BV ", L=Stad, ST=ZH, C=NL (codesign)
[certificate is valid from 11-8-14 11:19 to 11-8-15 11:29]
X.509, CN=CA-TEST (ca-test)
[certificate is valid from 23-2-11 9:37 to 23-2-16 9:46]
0 Tue Oct 07 16:33:50 CEST 2014 nl/
0 Tue Oct 07 16:33:50 CEST 2014 nl/test/
0 Tue Oct 07 16:33:50 CEST 2014 nl/test/applet/
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
我用标签创建了一个非常基本的html文件:
<body>
<p>Test page TestApplet1</p>
<applet code="nl.test.applet.TestApplet1.class"
archive="TestApplet1.jar"
id="TestApplet1"
height="0" width="0">
</applet>
<script type="text/javascript">
alert(document.getElementById("TestApplet1").helloWorld());
</script>
</body>
测试页TestApplet1
警报(document.getElementById(“TestApplet1”).helloWorld();
但是,当我在测试网站上部署它并尝试运行小程序时,小程序被安全设置阻止。我收到的消息是:“您的安全设置已阻止不受信任的应用程序运行”
当我使用Java控制面板将安全级别设置为“中等”,然后再次打开该网页时,我会收到安全警告:请求从以下位置运行未签名的应用程序。“
我的方法有什么问题
顺便说一句,我已经将我的CA证书导入IE证书存储和Java控制面板中管理的证书中的受信任根CA
欢迎提出任何建议。查看
基本上,自签名小程序的行为方式与您注意到的相同。这是因为Java的安全标准。如果要删除警告,需要购买证书
希望这有帮助。您需要执行以下步骤:
- 用钥匙在所有罐子上签名
- 确保您使用https李>
- 如果您对https使用http或自签名ssl证书,则需要将主机添加到安全例外列表中(jcontrol->security tab->Edit Site list)