Skip to Main Content

Java APIs

Regardig JDK-8016771 : 7u25: warning dialogue still show up even all jar files are signed

1518874Jan 22 2014 — edited Jan 23 2014


Firslty - I want to mention that I am brand new here. So, I am not sure if this is the right place to have this discussion - if it is not - kindly point me to the location where I should post it.

My question is regrding the bug Regardig JDK-8016771 : 7u25: warning dialogue still show up even all jar files are signed.

We had build a small java applet using jre 1.1.8. And it was very simple - we did not signed it and\or used any certificate. We were not concerend about it because that is a very small part in out software suit.

Now - with the recent update (when customer updates to 1.7)  - the webpage can not be reached because the security feature.

Now as suggested here

We did do the following

   1) Create all index entries first; index.list

   2) Then try to sign all the jars

So, this is waht we did -

We only have one jar file  -> cyberchat.jar

I downloaded the latest jdk 1.7 to use the jarsigner. After that inorder to index it I used the following command

C:\jdk1.7.0_51\bin\jar -i C:\Working\CCS\Root\Source\Services\WebChat\CyberChat\Applet\CyberChat.jar

That did not give me any error.

Then in order to sign it with our certificate (cerificate used certify other exe and services) I used the following command

C:\Program Files\Java\jdk1.7.0_51\bin>jarsigner -storetype pkcs12 -keystore "C:\Shared\SignTool\pfcert.pfx" "C:\Working\CCS\Root\Source\Services\WebChat\CyberCh

at\Applet\cyberchat.src.jar" "le-973a7aac-c571-40e5-9d71-70e46b7277a0"

Enter Passphrase for keystore:

after enterting the keystore

I get back the following message


The signer's certificate chain is not validated.

No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (201

5-02-18) or after any future revocation date.

Now, I am not worred about the timestamp warnig. But I think due to the cetificate chain warning - our users are still not able to access the web applet - because it is still being blocked.

Now -  I was wondering if anyone could kindly tell me how could I get that warning go away.

FYI - we do not want to compile our code against latest version of jre

Post Details
Locked on Feb 19 2014
Added on Jan 22 2014