Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / January 2006

Tip: Looking for answers? Try searching our database.

Security message appears twice for a signed applet

Thread view: 
Enable EMail AlertsStart New Thread
Alexandre Brizard - 16 Jan 2006 22:01 GMT
Hi!

I have an applet which I sign with Verisign as a CA.  I have just
renewed my certificate and signed my applet with it, but now it pops
the security message twice: once with the old certificate and again
with the new certificate.  This happens only on PCs having already
downloaded and executed the applet which was signed with the old
certificate.  Otherwise, with a "clean" PC, the security message
appears only once with the valid certificate.

Any ideas?

Alex B
Reply to this Message
Roedy Green - 16 Jan 2006 22:02 GMT
On 16 Jan 2006 14:01:11 -0800, "Alexandre Brizard"
<alexandre.brizard@gmail.com> wrote, quoted or indirectly quoted
someone who said :

>I have an applet which I sign with Verisign as a CA.  I have just
>renewed my certificate and signed my applet with it, but now it pops
>the security message twice: once with the old certificate and again
>with the new certificate.

have you signed your jar with both certs?  I think you want to rebuild
you jar with just the new signature.
Signature

Canadian Mind Products, Roedy Green.
http://mindprod.com Java custom programming, consulting and coaching.

Reply to this Message
Alexandre Brizard - 16 Jan 2006 22:04 GMT
Nope.  I have rebuilded my applet and signed it only with the new
certificate.
Reply to this Message
Alexandre Brizard - 16 Jan 2006 22:09 GMT
In fact, I may add that I have tried the aforementionned solution too
(trying to sign the applet with both certificates).  Didn't work.
Reply to this Message
Roedy Green - 17 Jan 2006 00:02 GMT
On 16 Jan 2006 14:04:29 -0800, "Alexandre Brizard"
<alexandre.brizard@gmail.com> wrote, quoted or indirectly quoted
someone who said :

>Nope.  I have rebuilded my applet and signed it only with the new
>certificate.

this makes no sense. What ties the two certs together that would even
let the browser find the old one?
Signature

Canadian Mind Products, Roedy Green.
http://mindprod.com Java custom programming, consulting and coaching.

Reply to this Message
Alexandre Brizard - 17 Jan 2006 02:27 GMT
> this makes no sense. What ties the two certs together that would even
> let the browser find the old one?

hey.  you tell me.
Reply to this Message
Roedy Green - 17 Jan 2006 03:04 GMT
On 16 Jan 2006 18:27:22 -0800, "Alexandre Brizard"
<alexandre.brizard@gmail.com> wrote, quoted or indirectly quoted
someone who said :

>> this makes no sense. What ties the two certs together that would even
>> let the browser find the old one?
Could you post the public parts of the cert. Maybe there is a clue
there.
Signature

Canadian Mind Products, Roedy Green.
http://mindprod.com Java custom programming, consulting and coaching.

Reply to this Message
Alexandre Brizard - 17 Jan 2006 23:28 GMT
> Could you post the public parts of the cert. Maybe there is a clue
> there.

Here goes:

======
Expired certificate
======
Version
V3

Serial Number
[151524373930583977178677174733630902393]

Signature algorithm
[SHA1withRSA]

Emitter
CN=VeriSign Class 3 Code Signing 2004 CA,
OU=Terms of use at https://www.verisign.com/rpa (c)04,
OU=VeriSign Trust Network,
O="VeriSign, Inc.",
C=US

Validity
[From: Tue Jan 11 19:00:00 EST 2005,
To: Thu Jan 12 18:59:59 EST 2006]

Subject
CN=GlobeeCom Inc.,
OU=GlobeInstaller,
OU=Digital ID Class 3 - Java Object Signing,
O=GlobeeCom Inc.,
L=Trois-Rivieres,
ST=Quebec,
C=CA

SIgnature
0000: 20 CF 6B A1 54 16 9B E4   7A DD F4 0B E9 EF 00 72
.k.T...z......r

0010: DC A6 13 76 52 89 61 7D   DF ED 4E 51 0E 28 0B 39
...vR.a...NQ.(.9

0020: AD DA 4A 68 6B 91 2C BC   AC EB 05 2D ED AC 72 F9
..Jhk.,....-..r.

0030: 80 E6 C4 08 FD AE 41 77   06 FD C4 66 16 32 77 F9
......Aw...f.2w.

0040: FC 01 BC 0E 09 11 4F 7F   BF 35 21 4E 2D 7F 14 A0
......O..5!N-...

0050: 71 D2 17 13 7F 31 F8 BC   EF CF 88 7E BA DA B8 A3
q....1..........

0060: AD F5 09 F9 31 86 A3 DA   57 27 91 22 3E D9 34 87
....1...W'.">.4.

0070: 0E 07 D0 44 97 37 DB 8D   75 F3 5F 9A 49 1B 23 31
...D.7..u._.I.#1

0080: 46 3C DC 6A 19 BD CB 6D   E7 DD CA 03 AC 7D 18 12
F<.j...m........

0090: 76 B6 22 CD C5 3B A9 7C   64 6A 04 4A 39 61 4D B2
v."..;..dj.J9aM.

00A0: 60 A8 ED 33 3D D2 07 C7   F7 23 7F D7 F4 8D 5A B3
`..3=....#....Z.

00B0: 93 0E F2 49 C8 E1 73 89   96 CA 5B 28 BE F8 47 28
...I..s...[(..G(

00C0: B2 C8 E9 04 9B BC 08 3E   89 D4 21 D4 B1 3D B9 0C
.......>..!..=..

00D0: E0 64 90 A2 F8 B7 B3 85   2C 25 0D 9D 08 41 10 F1
.d......,%...A..

00E0: 1D E7 17 08 00 38 2E 07   3C 9B EC 32 FC 02 89 53
.....8..<..2...S

00F0: 3A 53 11 CB BB 58 14 C4   A4 D9 D9 E0 88 9F 9D 49
:S...X.........I

=======
New certificate
=======
Version
V3

Serial number
[64882958590863186273699943667431709424]

Signature algorithm
[SHA1withRSA]

Emitter
CN=VeriSign Class 3 Code Signing 2004 CA,
OU=Terms of use at https://www.verisign.com/rpa (c)04,
OU=VeriSign Trust Network,
O="VeriSign, Inc.",
C=US

Validity
[From: Mon Dec 19 19:00:00 EST 2005,
To: Wed Jan 17 18:59:59 EST 2007]

Subject
CN=GlobeeCom Inc.,
OU=GlobeInstaller,
OU=Digital ID Class 3 - Java Object Signing,
O=GlobeeCom Inc.,
L=Trois-Rivieres,
ST=Quebec,
C=CA

Signature
0000: 29 10 CB BF 0E A6 0B 95   F5 C1 A7 B0 4A E4 71 77
)...........J.qw

0010: F3 A1 F2 F6 9C 63 8C CB   A2 54 2B CE 64 C7 7D CC
.....c...T+.d...

0020: 7F 6D 87 6A EA EC E6 AF   CE B2 F5 3A 94 3B 4E 75
.m.j.......:.;Nu

0030: B9 06 0D 21 F4 DE 39 AD   A3 2E A0 7B 26 87 DA 1F
...!..9.....&...

0040: B4 E9 CB CD 8B 75 38 16   A2 35 15 BA A0 24 AE BA
.....u8..5...$..

0050: E7 70 D2 00 5B 77 F2 8F   51 07 D6 BD 35 B4 00 D5
.p..[w..Q...5...

0060: 68 F2 9B 42 92 22 64 1D   4F 95 1D E1 01 C0 3E B3
h..B."d.O.....>.

0070: 1C AB CF 6C F7 1B 76 B2   E7 28 72 80 6A ED A8 54
...l..v..(r.j..T

0080: EE DB EC 21 98 D3 CE 02   33 D0 7C 4C BA F7 A1 D3
...!....3..L....

0090: BF 01 45 1F FF EA 26 28   DC 46 A0 7E 8B A2 95 20
..E...&(.F.....

00A0: CC 10 FF 33 7E AB CC 8F   45 EA 2D D3 08 D4 80 A9
...3....E.-.....

00B0: 60 9F 00 05 F8 1D 12 47   0D 48 EE 0C FC E3 CE 90
`......G.H......

00C0: B5 EF 6E 7C 66 21 02 EC   ED 79 EB E2 8E C8 15 85
..n.f!...y......

00D0: 9D 7D AC A5 90 F5 FC E0   0C CA 8C B8 65 87 A9 46
............e..F

00E0: 5E A9 A2 42 4D 0F E1 10   86 AD E8 41 86 DB 24 C0
^..BM......A..$.

00F0: 4D DB FD D5 F6 72 8C 66   F0 B0 AA 7C E8 07 82 B3
M....r.f........
Reply to this Message
Roedy Green - 18 Jan 2006 03:43 GMT
On 17 Jan 2006 15:28:25 -0800, "Alexandre Brizard"
<alexandre.brizard@gmail.com> wrote, quoted or indirectly quoted
someone who said :

> O=GlobeeCom Inc.,
> L=Trois-Rivieres,
> ST=Quebec,
> C=CA

I see why I have never run into the problem. My certs are not
identical in this area.

I guess all you can do is write some program to uninstall the old
cert.

see http://mindprod.com/projects/certificate.html
http://mindprod.com/projects/rootcertinstaller.html
Signature

Canadian Mind Products, Roedy Green.
http://mindprod.com Java custom programming, consulting and coaching.

Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.