Skip to Main Content

Java SE (Java Platform, Standard Edition)

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

JWS gives 'failed to parse certificate' error for VALID code sign cert

843802Jun 5 2003 — edited Jul 20 2003
Hi,

For my application, After downloading jar files from web server, JWS (1.2.0_02) gives a Security Warning asking user to trust the Signer.

However, after clicking Start, it gives another Security Warning which says this:
----------
Warning: Failed to verify authenticity of this certificate because there was an error parsing the certificate. No assertions can be made of the origin or validity of the code. It is highly recommended not to install and run this code.
-------------

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Sign App jar files with a VALID code signing certificate from Thawte or Verisign (don't use DST or RSA or any other CA as JWS supports only Versign/Thawte root CA entries by default).

Download the app using JNLP, and you will see this warning.

EXPECTED -
It should not give the second security warning. First one is fine as user has to trust the signer.

There are no logs anywhere to find out what error it encountered parsing the certificate.

The certificate as such is valid, it was verified with keytool, openSSL and various other tools.
ACTUAL -
After downloading an application from web server, JWS gives a Security Warning asking user to trust the Signer.

However, after clicking Start, it gives another Security Warning which says this:
----------
Warning: Failed to verify authenticity of this certificate because there was an error parsing the certificate. No assertions can be made of the origin or validity of the code. It is highly recommended not to install and run this code.
-------------

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Warning: Failed to verify authenticity of this certificate because there was an error parsing the certificate. No assertions can be made of the origin or validity of the code. It is highly recommended not to install and run this code.
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Aug 17 2003
Added on Jun 5 2003
5 comments
336 views