Certificate chain and Java Web Start
843802Mar 26 2007 — edited Apr 16 2007Hi,
I have an application as a JAR file with other JAR libraries. All these files are signed with a certificate that I have generated with my own CA (OpenSSL).
The trusted chain is this: rootCA.cer ->subCA1.cer ->jws.cer
jws.cer was generated with a Certificate Sign Request through the java KEYTOOL and then my CA has signed this request. After done this, I have put the jws.cer in the same keystore of the request but to do this I needed to put the rootCA.cer and subCA1.cer before in the keystore.
The keystore has now three certificates and the key pair of jws.cer. This certificate works good to sign the JAR files.
Is it all good?
When I call this application with Java Web Start a popup always appears and say "Certificate is valid, etc. etc.". All it's good but pop-up is shown anyway.
I have inserted the rootCA and subCA1 certificate in the client Java Web Start certificate store but the pop-up is always shown.
Why this?
Is It not enough to install the CA certificate (and then the SubCA certificate) in the JavaWS certificate (client) store to not have the pop-up visualization?
Thanks