如何让机器信任自签名 Java 应用程序
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/21157450/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to make a machine trust a self-signed Java application
提问by Benoit Duffez
I'm deploying an application using JAWS, and it worked until late 2013 when I got a warning, and then this morning Java completely blocked it. The message in French is:
我正在使用JAWS部署一个应用程序,它一直工作到 2013 年底我收到警告,然后今天早上 Java 完全阻止了它。法语消息是:
Application bloquée par les paramètres de sécurité
Vos paramètres de sécurité ont bloqué l'exécution d'une application auto-signée avec une version obsolete ou arrivée à expiration de Java.
Application bloquée par les paramètres de sécurité
Vos paramètres de sécurité ont bloqué l'execution d'une application auto-signée avec une version obsolete ou arrivée à expire de Java。
which would translate roughly as:
这将大致翻译为:
Application blocked by the security settings
Your security settings have blocked from running an application that has been self-signed with an obsolete or outdated Java.
应用程序被
安全设置阻止 您的安全设置已阻止运行使用过时或过时的 Java 进行自签名的应用程序。
The grammar is not that clear, the end of the sentence could be read as either:
语法不是那么清楚,句子的结尾可以读作:
- ...blocked a self-signed application from running with an obsolete or outdated Java [runtime], meaning that the local runtime is too old, but the self-signature is fine
- ...blocked an application that has been self-signed with an obsolete or outdated Java [compiler], meaning that the Java compiler used is too old
- ...阻止自签名应用程序使用过时或过时的 Java [runtime] 运行,这意味着本地运行时太旧,但自签名很好
- ...阻止了使用过时或过时的 Java [编译器] 进行自签名的应用程序,这意味着所使用的 Java 编译器太旧
I searched online for the exact same message in English, but I couldn't find it. So the grammar is still unclear. Note that on the message there is no Name: xyz / From: http://url/, there's only the text I typed above, and a blue "i" icon.
我在网上搜索了完全相同的英文消息,但找不到。所以语法还是不清楚。请注意,消息中没有Name: xyz / From: http://url/,只有我在上面输入的文本和蓝色的“i”图标。
Now, I don't really understand the exact meaning of this error message, but I know that there is an issue because my JARfiles are all self-signed. I have already faced this on other Windows clients, and it was easy:
现在,我并不真正理解此错误消息的确切含义,但我知道存在问题,因为我的JAR文件都是自签名的。我已经在其他 Windows 客户端上遇到过这个问题,这很容易:
- I extracted a
.cercertificate from my keystore; - Downloaded it on the client machine, open it;
- Made the customers install it as a trusted source on their local machine.
- 我
.cer从我的密钥库中提取了一个证书; - 在客户端机器上下载,打开;
- 让客户将其安装为本地机器上的可信来源。
It worked like a charm on my test setup and for one customer, but another one still has the issue and cannot run my software.
它对我的测试设置和一个客户来说很有吸引力,但另一个客户仍然存在问题并且无法运行我的软件。
This is a big issue from me, and I don't know what to do. Should I upgrade my Java compiler, recompile everything, sign every JAR file again and cross fingers? How can I make that Windows box trust my certificate and let the Java application run?
这是我的一个大问题,我不知道该怎么办。我应该升级我的 Java 编译器,重新编译所有内容,再次签署每个 JAR 文件并交叉手指吗?我怎样才能让那个 Windows 机器信任我的证书并让 Java 应用程序运行?
采纳答案by Mehdi
Just Go To *Startmenu>>Java>>Configure Java>> Security>> Edit site list>> copy and paste your Link with problem>> OKProblem fixed :)*
只需转到 * 开始菜单>> Java>>配置 Java>>安全>>编辑站点列表>>复制并粘贴有问题的链接>>确定问题已修复:)*
回答by Benoit Duffez
SERIOUS DISCLAIMER
严重免责声明
This solution has a serioussecurity flaw. Please use at your own risk.
Have a look at the comments on this post, and look at all the answers to this question.
该解决方案存在严重的安全漏洞。请您自担风险使用。
看看这篇文章的评论,看看这个问题的所有答案。
OK, I had to go to the customer premises and found a solution. I:
好的,我不得不去客户场所并找到了解决方案。一世:
- Exported the keystore that holds the signing keys in PKCS #12format
- Opened control panel Java-> Securitytab
- Clicked Manage certificates
- Imported this new keystore as a secure site CA
Then I opened the JAWSapplication without any warning. This is a little bit cumbersome, but much cheaper than buying a signed certificate!
然后我在没有任何警告的情况下打开了JAWS应用程序。这有点麻烦,但比购买签名证书便宜得多!
回答by troscher
I was having the same issue. So I went to the Java options through Control Panel. Copied the web address that I was having an issue with to the exceptions and it was fixed.
我遇到了同样的问题。所以我通过控制面板进入了 Java 选项。将我遇到问题的网址复制到异常中,并已修复。
回答by Geka P
I had the same problem, but i solved it from Java Control Panel-->Security-->SecurityLevel:MEDIUM. Just so, no Manage certificates, imports ,exports etc..
我遇到了同样的问题,但我从 Java Control Panel-->Security-->SecurityLevel: MEDIUM解决了它。就这样,没有管理证书、进口、出口等。
