Custom Certificate Dialogs for JWS App Clients

Java Web Start is an awesome technology... but like all awesome technologies, it can have a darkside. I went to a site yesterday that had a JWS enabled demo that had a self-signed certificate. When JWS asked me to trust the site, I had to say 'No'.

That reminded me that I had to do something similar for the application client that I created in one of my earlier entries. So I started to ask folks about how to get a real certificate associated with my clients.

To implement 'Webstartability' (Note to the AP, don't ask Steven Colbert or Michael Adams to define this soon to be 'Word of 2006'. You'll need to ask Tim Quinn) the GlassFish Project's implementation uses a generic client that is reused by all user implemented clients.

The shared, generic client is in the lib directory of the GlassFish installation. It is called 'appserv-jwsacc-signed.jar'. It is the file that triggers the security certificate dialog that appears when you start an webstartable app client. [For an example, see this entry If you take a second look in the lib directory, you will also see the file 'appserv-jwsacc.jar'. This is the unsigned version of the generic client.

Why is this file there? This file is there, so that you can sign it with YOUR own certificate. By replacing the 'appserv-jwsacc-signed.jar' with a copy of the appserv-jwsacc.jar file that is signed with your certificate and NAMED 'appserv-jwsacc-signed.jar', your users will see a new dialog, when they are asked to trust the certificate... One with your organization's name in it!

Comments:

Post a Comment:
Comments are closed for this entry.
About


Vince Kraemer writes the entries in this blog.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today
News
Blogroll

No bookmarks in folder

automarks