UNKNOWN publisher when launching Java applet using JNLP

2
votes

After upgrading to JRE 1.7.40 I am getting a 'UNKNOWN' publisher warning message. I am using JNLP to download the client jars, these jar files are signed using a keystore file.

I am generating the Keystore file by running

keytool -keystore mykeystore -genkey -alias myalias -keyalg RSA -keysize 2048

Then generating .csr file keytool -certreq -keyalg RSA -alias myalias -file Test.csr -keystore mykeystore

I then use mykeystore to sign my jar using ant

Then I am making the Test.csr file a trusted certificate using the Root & intermediate CA's. I then load all the 3 certificates in my Java Web start.

But still get the same 'UNKNOWN' publisher warning message. anything I am doing wrong?

1
javasecurityappletjnlpjar-signing
You should be able to see the certificate details along with the warning message. Are you certificates showing up there? Is your root certificate in your cacerts file?Teepeemm
Yes I can see the certificate in my message, it says it is from UNKNOWN publisher. I have also added root and trusted certificate in my java web start.java1977
UNKOWN publisher will happen if Java can't trace your certificate chain back to a certificate authority in your cacerts file. You should be able to bring up the certificate details ("more information", perhaps?), and see the entire certificate chain. Are you able to see all of the certificates in your chain in this way? Is the root certificate in cacerts?Teepeemm

1 Answers

0
votes

I resolved this problem putting my own certified (.csr file) in 'Signer CA' type list at Java Control Panel. The warning message is showed but, I can confirm this certified for no more warnings.

My certificate at "Signer CA" type (lang: pt-BR)
(source: devdelver.com)

Sorry, my "Java Control Panel" is in pt-BR lang. The complete breadcrumb is "Control Panel">"JAVA">"Security tab">"Manage Certificates">"Signer CA" certificate type.