IMP: Your Java Applets and Web Start Applications Should Be Signed

Starting with Java SE 7 Update 21 in April 2013, all Java Applets and Web Start Applications should be signed with a trusted certificate.

certificateThe April 16th, 2013 Critical Patch Update for Java SE (7u21) will change the launch behavior related to running Java Applets and Web Start Applications. Users will be presented with a dialog(s) that will provide additional information to the user who can choose to continue or terminate execution. For the best possible user experience, your Applets and Web Start Applications should be signed. 

What does this mean? Java SE 7u21 will introduce changes to Java browser plug-in behavior, encouraging application authors and vendors to sign code with a certificate from a trusted Certificate Authority. You, as a developer, are strongly encouraged to sign code now in preparation for this release and future releases.

For more information, read Java Applet & Web Start - Code Signing on OTN.


i long for the day when our last web application designs java out!

Posted by guest on April 05, 2013 at 10:38 AM PDT #

Current version is Java SE 7 Update 17.
In this article Java SE 7 Update 21 is mentioned.
What about Java SE 7 Update 18 and/or 19?

Posted by guest on April 10, 2013 at 03:01 AM PDT #

The reason that the version increments are in odd or even increments is based on whether the update is critical or not. In this case Oracle is addressing a Security vulnerability which would be critical and explains skipping the even number updates.

Posted by Tori on April 16, 2013 at 01:39 PM PDT #

I am going to try.

Posted by Katsunori Nakamura on April 16, 2013 at 09:22 PM PDT #

it is not clear that what should I do exactly.?

Posted by Mallikaraj on April 19, 2013 at 01:43 AM PDT #

I need to implement web video/audio chat in java urgently, i came to know that JMF is good to implement video chat.
Can you provide some basic implementation pr prototype so i can take help guide.
Please guide me.

Posted by Sumit on April 19, 2013 at 04:02 AM PDT #

I hope this is a temporary change until the holes in the security model are fixed ... getting a CA-signed code-signing certificate is expensive (Thawte used to have a program that could issue a free certificate based on an e-mail address, but it has been closed down) and a hassle, and there's a lot of cool stuff that an applet could do while still respecting the same-origin policy if only the Java platform didn't take so long to load and pop up so many security warnings.

Posted by David L on April 19, 2013 at 05:49 AM PDT #

You should go to the Java Forums to ask technical questions.

Posted by Tori on April 22, 2013 at 11:09 AM PDT #

I will *never* sign my applets. Instead I am converting all of the existing ones into other languages (specifically Javascript and Dart). However, I do find it sad that such a great technology has been killed with decisions like this.

Posted by guest on April 23, 2013 at 08:54 AM PDT #


Posted by guest on June 04, 2013 at 12:45 AM PDT #

Actually you can use a self-signed cert just fine. Just import the root/public key into the CACERTS store as well the browse cert store on the clients.

Posted by guest on June 21, 2013 at 04:29 AM PDT #

To clarify, signed applications run in the sandbox. That behavior changed back in 7u25 (April 2013) and there’s an external write-up at

If you’re looking to avoid purchasing a code-signing certificates, you can find instructions for self-signing over at

Posted by Tori on January 13, 2014 at 10:45 AM PST #

thanks for sharing this blog with us. really quite informative helpful for me. Great point. Nice content. I enjoyed reading this thoroughly. you have done a great job on this blog.I am impressed with your work.

Posted by web design mumbai on May 05, 2015 at 11:16 PM PDT #

@web design mumbai, if you really enjoyed this blog there are other blogs too, which you can really thorougly enjoy.
Go through all oracle blogs. Great contents and really useful.

Posted by guest on May 09, 2015 at 02:20 AM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed

Insider News from the Java Team at Oracle!



« May 2016