I know there have been several discussions about this problem, but I did not see a clear answer. If I missed something, I apologize.
I have just loaded JRE 7u45 on a closed network, so there is no way out to Oracle. When my Java applet loads, I get the following warning:
The connection to this website is untrusted: https://javadl-esd-secure.oracle.com:443
The certificate is not valid and cannot be used to verify the identity of this website
This application will be blocked in a future Java security update because the JAR file manifest does not contain the Permissions attribute...
When you look at the details, it tells you the certificate is trying to connect to the above URL, but it is expecting "localhost.localdomain".
So the first problem is why is Oracle putting an expired cert in the production build? I assume this certificate is from Oracle. The issuer is "localhost.localdomain" and the valid period is June 2010-2011. Where does this cert come from and can I get rid of it somehow? I'm guessing it's meant to automatically update from Oracle, but since my computers can't get there, I need a way to disable this, without turning off CRL checking.
Secondly, assuming this cert does come from Oracle, wouldn't it make sense they fix the second message too?
Thanks,
Marc