Java 7u51 will not accept JNLP with self-signed certificate?

java self-signed java-web-start jnlp

Solution 1:

Yes, this is true. This blog entry from Oracle has the details.

As I understand it, you have three options for continuing to work:

  1. Sign your app with a trusted cert
    • Normally, this is done by acquiring a cert from one of the vendors whose root certs are trusted by Java by default.
    • You can also use a self-signed certificate if your community of users is controlled (e.g. all within a managed corporate network, or all students in the same intro to programming class).
  2. Have your end users configure their machines to trust your app despite it being self-signed
    • via deployment rule sets (Oracle's intention is that DRSs are only to be used in corporate environments, where you can push out this configuration update via a centralized management technology)
    • via the exception site list (I believe this is intended to be analogous to DRSes, but for individual end users without centralized management)
  3. Have your users lower their security slider from High (the default) to Medium

See also my question about obtaining pre-release versions of these updates to test with.

Solution 2:

Oracle just announced that a new feature called the Exception Site List will be available in 7u51.

If it means what I think it means, then in-house-only apps who are currently self-signing their jars can simply ask their users to whitelist the app without the user having to do anything "complicated" for an end user, like importing a cert (for example).

UPDATE:

Java 7u51 was just released, and I can confirm that the Exception Site List solution works quite easily. Just go to Java Control Panel -> Security -> Edit Site List, and add the URL of the self-signed JNLP app to the list of Locations.

Solution 3:

This is for Windows ONLY

Go to Java configuration in Windows, "java configure", choose "Security" tab and Choose "Edit Site List", add your self signed url into the list.

Sometimes you need to add the full url of the java application into the list to make it work, you cannot just add https://xxx.abc.com, should be https://xxx.abc.com/application_blah_blah instead.

After added the url, restart the java application by input that url in the browser, it will work.

Related

Pass object through Link in react router
JPA: JOIN in JPQL
Exporting to .xlsx using Microsoft.Office.Interop.Excel SaveAs Error
When should Emacs #'function syntax be used?
How to set the app icon as the notification icon in the notification drawer
Spring Data JPA: Query by Example?
Cordova: Android SDK not found. Make sure that it is installed. If it is not at the default location, set the ANDROID_HOME environment variable
Response for preflight does not have HTTP ok status in angular
Plotting lines connecting points
Spark using python: How to resolve Stage x contains a task of very large size (xxx KB). The maximum recommended task size is 100 KB
How can I use cumsum within a group in Pandas?
Change Gitlab CI Runner user