Java 7u51 will not accept JNLP with self-signed certificate?
I read on the web that Java version 7u51 (to be released in January 2014) will no longer accept Java Webstart applications that are self-signed by me.
Is that true?
In case it is true, do I have any chance to build a workaround for my JNLP application, so that I am able to start the application even after January 2014?
I have seen that the option to suppress the security warnings because of the usage of a self-signed certificate was removed in 7u40.
Answer
Yes, this is true. This blog entry from Oracle has the details.
As I understand it, you have three options for continuing to work:
- Sign your app with a trusted cert
- Normally, this is done by acquiring a cert from one of the vendors whose root certs are trusted by Java by default.
- You can also use a self-signed certificate if your community of users is controlled (e.g. all within a managed corporate network, or all students in the same intro to programming class).
- Have your end users configure their machines to trust your app despite it being self-signed
- via deployment rule sets (Oracle's intention is that DRSs are only to be used in corporate environments, where you can push out this configuration update via a centralized management technology)
- via the exception site list (I believe this is intended to be analogous to DRSes, but for individual end users without centralized management)
- Have your users lower their security slider from High (the default) to Medium
See also my question about obtaining pre-release versions of these updates to test with.