Certificate is trusted only once

1
votes

I have java applet that is signed by certificate.

When applet is executed for the first time, everything works OK (server trusts certificate) and agent runs.

But when applet is executed for the second time that SAME certificate is not trusted. And execution of applet is not allowed. Which of course is bizarre.

I truly don't have an idea what might cause this behaviour. So if anyone of you have met with the same behaviour please give me a hint.

Environment is Lotus Notes 8.5.3. And it is the same in all browsers.

Lukas

Thank you for your comments, Here is more information about certificate

  • Certificate Signature Algorithm: PKCS #1 MD5 With RSA Encryption

  • Issuer: (our company)

  • Subject Public Key Algorithm: PKCS #1 RSA Encryption

  • Certificate Key Usage: Critical, Signing, Key Encipherment

  • Extended Key Usage: Not Critical, TLS Web Server Authentication, Certificate Signature Algorithm

  • Issued On: 23.1.2012

  • Expires On: 24.4.2017

Java applet is standard JApplet

I don't know, what might be useful here. Can you have more specific questions?

1
javacertificatelotus-notesagent
Are you executing the applet in a browser or ActiveX Web Browser control? Is the control embedded on a Notes Document? - Simon O'Doherty
Servlet is executed in browser and it is independent on document opened in xpage. What servlet does (if it is executed) is that it creates new domino document and adds image from clipboard (print screen) as attachment to this new document. - Lukas
I think you probably need to flesh it out a bit more in your description above, so we get a clear idea of what kind of setup you have. - Simon O'Doherty

1 Answers

0
votes

The signing certificate needs the "Code Sigining" OID: "1.3.6.1.5.5.7.3.3" as described in http://fernandokarnagi.wordpress.com/2009/01/29/extended-key-usage-issue-applet-jar-signer/. See Error: KeyUsage does not allow digital signatures - Java-applet + mutual SSL for additional information, too.