I've developed an open source program, WPCleaner, which is distributed through Java Web Start. Current version is available at http://site4145.mutu.sivit.org/WikiCleaner/WikiCleaner.jnlp
With the recent updates in Java, it becomes more and more difficult to deploy Java applications through Java Web Start when you need the application to have a few permissions (writing in the preferences, accessing other web sites, ...)
My application was self-signed, which was ok before but new updates require users to accept the application every time they run it, not just once and for all if they wish. So, I decided to use a trusted certificate for signing my application.
I got one from Certum (apparently, they're free for open source developers), following this discussion: Code signing certificate for open-source projects?
I've generated a new jar file, signed with this certificate (jar file available at http://site4145.mutu.sivit.org/WikiCleaner/WikipediaCleanerTest.jar), but I still have problems: when I start the application through JWS, Java still displays a warning windows not letting me trust the application once and for all. Editor is still displayed as UNKNOWN, but when I look in the details of the message, it's my new certificate from Centrum that's being used.
Does anyone have an idea on what I'm doing wrong ?
I thought that having a certificate from a trusted CA (Centrum seems to be in Java cacerts) would allow users to accept the certificate once and for all.
Thanks
PS: When I run jarsigner -verify
, I get the following warning
"This jar contains entries whose certificate chain is not validated."
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…