Java 7u51 will not accept JNLP with self-signed certificate?

Yes, this is true. This blog entry from Oracle has the details.

As I understand it, you have three options for continuing to work:

  1. Sign your app with a trusted cert
    • Normally, this is done by acquiring a cert from one of the vendors whose root certs are trusted by Java by default.
    • You can also use a self-signed certificate if your community of users is controlled (e.g. all within a managed corporate network, or all students in the same intro to programming class).
  2. Have your end users configure their machines to trust your app despite it being self-signed
    • via deployment rule sets (Oracle’s intention is that DRSs are only to be used in corporate environments, where you can push out this configuration update via a centralized management technology)
    • via the exception site list (I believe this is intended to be analogous to DRSes, but for individual end users without centralized management)
  3. Have your users lower their security slider from High (the default) to Medium

See also my question about obtaining pre-release versions of these updates to test with.

Leave a Comment

tech