From owner-freebsd-java Tue Jan 14 1:36: 5 2003 Delivered-To: freebsd-java@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DDAC337B401 for ; Tue, 14 Jan 2003 01:36:03 -0800 (PST) Received: from smtp.web.de (smtp02.web.de [217.72.192.151]) by mx1.FreeBSD.org (Postfix) with ESMTP id CE41343E4A for ; Tue, 14 Jan 2003 01:36:02 -0800 (PST) (envelope-from g.w.k@web.de) Received: from [213.148.149.130] (helo=hunter.muc.mscsoftware.com) by smtp.web.de with esmtp (WEB.DE(Exim) 4.93 #1) id 18YNU9-0002dJ-00 for freebsd-java@freebsd.org; Tue, 14 Jan 2003 10:35:53 +0100 Subject: Mozilla won't run signed java applet, with unknown certificate From: "Georg-W. Koltermann" To: freebsd-java@freebsd.org Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.8 Date: 14 Jan 2003 10:35:50 +0100 Message-Id: <1042536953.666.26.camel@hunter.muc.mscsoftware.com> Mime-Version: 1.0 Sender: owner-freebsd-java@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, when I try to run the signed java applet example from SUN at http://java.sun.com/security/signExample12/signedPluginEx.html , Mozilla (1.2b) loads the applet, then pops up an exception window (transscribed manually, cut&paste did not work): java.security.cert.CertificateException: Unable to verify the certificate with root CA at sun.plugin.security.TrustDecider.isAllPermissionGranted(TrustDecider.java:150) at sun.plugin.security.PluginClassLoader.getPermissions(PluginClassLoader.java:124) ... The same page works in Linux, also with Mozilla (1.2.1) on my colleague's machine, it pops up a dialog to grant write permission to the signed applet. I've compared the Java version (1.3.1) and any security related files in $JAVA_HOME/jre/lib/security, they are all the same. The difference is that my colleague uses Linux with the Linux browser and JDK, and I use FreeBSD with the FreeBSD browser and FreeBSD native jdk (1.3.1p7). I have also tried to explicitly import SUN's certificate from http://java.sun.com/security/signExample12/Duke.x509 using keytool. With the certificate imported, the applet DOES WORK. It is just the default behaviour that is different, with unknown certificates. The Linux version pops up the dialog asking the user, the FreeBSD version throws the exception and fails. Is there a way to configure this? Is it a difference in the Java ports? In the Mozilla ports? -- Regards, Georg. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-java" in the body of the message