Java 7u51 will not accept JNLP with self-signed certificate?

Question

I read on the web that Java version 7u51 (to be released in January 2014) will no longer accept Java Webstart applications that are self-signed by me.

Is that true?

In case it is true, do I have any chance to build a workaround for my JNLP application, so that I am able to start the application even after January 2014?

I have seen that the option to suppress the security warnings because of the usage of a self-signed certificate was removed in 7u40.

Answer 1

Yes, this is true. This blog entry from Oracle has the details.

As I understand it, you have three options for continuing to work:

1. Sign your app with a trusted cert
   • Normally, this is done by acquiring a cert from one of the vendors whose root certs are trusted by Java by default.
   • You can also use a self-signed certificate if your community of users is controlled (e.g. all within a managed corporate network, or all students in the same intro to programming class).
2. Have your end users configure their machines to trust your app despite it being self-signed
   • via deployment rule sets (Oracle's intention is that DRSs are only to be used in corporate environments, where you can push out this configuration update via a centralized management technology)
   • via the exception site list (I believe this is intended to be analogous to DRSes, but for individual end users without centralized management)
3. Have your users lower their security slider from High (the default) to Medium

See also my question about obtaining pre-release versions of these updates to test with.