如何让机器信任自签名 Java 应用程序

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/21157450/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-13 06:59:56  来源:igfitidea点击:

How to make a machine trust a self-signed Java application

javasecuritycertificatejava-web-startself-signed

提问by Benoit Duffez

I'm deploying an application using JAWS, and it worked until late 2013 when I got a warning, and then this morning Java completely blocked it. The message in French is:

我正在使用JAWS部署一个应用程序,它一直工作到 2013 年底我收到警告,然后今天早上 Java 完全阻止了它。法语消息是:

Application bloquée par les paramètres de sécurité
Vos paramètres de sécurité ont bloqué l'exécution d'une application auto-signée avec une version obsolete ou arrivée à expiration de Java.

Application bloquée par les paramètres de sécurité
Vos paramètres de sécurité ont bloqué l'execution d'une application auto-signée avec une version obsolete ou arrivée à expire de Java。

which would translate roughly as:

这将大致翻译为:

Application blocked by the security settings
Your security settings have blocked from running an application that has been self-signed with an obsolete or outdated Java.

应用程序被
安全设置阻止 您的安全设置已阻止运行使用过时或过时的 Java 进行自签名的应用程序。

The grammar is not that clear, the end of the sentence could be read as either:

语法不是那么清楚,句子的结尾可以读作:

  • ...blocked a self-signed application from running with an obsolete or outdated Java [runtime], meaning that the local runtime is too old, but the self-signature is fine
  • ...blocked an application that has been self-signed with an obsolete or outdated Java [compiler], meaning that the Java compiler used is too old
  • ...阻止自签名应用程序使用过时或过时的 Java [runtime] 运行,这意味着本地运行时太旧,但自签名很好
  • ...阻止了使用过时或过时的 Java [编译器] 进行自签名的应用程序,这意味着所使用的 Java 编译器太旧

I searched online for the exact same message in English, but I couldn't find it. So the grammar is still unclear. Note that on the message there is no Name: xyz / From: http://url/, there's only the text I typed above, and a blue "i" icon.

我在网上搜索了完全相同的英文消息,但找不到。所以语法还是不清楚。请注意,消息中没有Name: xyz / From: http://url/,只有我在上面输入的文本和蓝色的“i”图标。

Now, I don't really understand the exact meaning of this error message, but I know that there is an issue because my JARfiles are all self-signed. I have already faced this on other Windows clients, and it was easy:

现在,我并不真正理解此错误消息的确切含义,但我知道存在问题,因为我的JAR文件都是自签名的。我已经在其他 Windows 客户端上遇到过这个问题,这很容易:

  • I extracted a .cercertificate from my keystore;
  • Downloaded it on the client machine, open it;
  • Made the customers install it as a trusted source on their local machine.
  • .cer从我的密钥库中提取了一个证书;
  • 在客户端机器上下载,打开;
  • 让客户将其安装为本地机器上的可信来源。

It worked like a charm on my test setup and for one customer, but another one still has the issue and cannot run my software.

它对我的测试设置和一个客户来说很有吸引力,但另一个客户仍然存在问题并且无法运行我的软件。

This is a big issue from me, and I don't know what to do. Should I upgrade my Java compiler, recompile everything, sign every JAR file again and cross fingers? How can I make that Windows box trust my certificate and let the Java application run?

这是我的一个大问题,我不知道该怎么办。我应该升级我的 Java 编译器,重新编译所有内容,再次签署每个 JAR 文件并交叉手指吗?我怎样才能让那个 Windows 机器信任我的证书并让 Java 应用程序运行?

采纳答案by Mehdi

Just Go To *Startmenu>>Java>>Configure Java>> Security>> Edit site list>> copy and paste your Link with problem>> OKProblem fixed :)*

只需转到 * 开始菜单>> Java>>配置 Java>>安全>>编辑站点列表>>复制并粘贴有问题的链接>>确定问题已修复:)*

回答by Benoit Duffez

SERIOUS DISCLAIMER

严重免责声明

This solution has a serioussecurity flaw. Please use at your own risk.
Have a look at the comments on this post, and look at all the answers to this question.

该解决方案存在严重的安全漏洞。请您自担风险使用。
看看这篇文章的评论,看看这个问题的所有答案。



OK, I had to go to the customer premises and found a solution. I:

好的,我不得不去客户场所并找到了解决方案。一世:

  • Exported the keystore that holds the signing keys in PKCS #12format
  • Opened control panel Java-> Securitytab
  • Clicked Manage certificates
  • Imported this new keystore as a secure site CA
  • PKCS #12格式导出保存签名密钥的密钥库
  • 打开控制面板Java->安全选项卡
  • 单击管理证书
  • 将此新密钥库导入为安全站点CA

Then I opened the JAWSapplication without any warning. This is a little bit cumbersome, but much cheaper than buying a signed certificate!

然后我在没有任何警告的情况下打开了JAWS应用程序。这有点麻烦,但比购买签名证书便宜得多!

回答by troscher

I was having the same issue. So I went to the Java options through Control Panel. Copied the web address that I was having an issue with to the exceptions and it was fixed.

我遇到了同样的问题。所以我通过控制面板进入了 Java 选项。将我遇到问题的网址复制到异常中,并已修复。

回答by Geka P

I had the same problem, but i solved it from Java Control Panel-->Security-->SecurityLevel:MEDIUM. Just so, no Manage certificates, imports ,exports etc..

我遇到了同样的问题,但我从 Java Control Panel-->Security-->SecurityLevel: MEDIUM解决了它。就这样,没有管理证书、进口、出口等。