My website uses SSL and takes them directly to a Java applet after login. The applet yields a warning screen proclaiming that the website's certificate can't be verified. After clicking "Yes" to continue anyway, a second pop up appears with:
Identification required. Please select certificate to be used for authentication.
Underneath that message, there is a white box that I assume is supposed to list certificate options. Mine doesn't have any options, so I am forced to click "OK" and the applet doesn't load.
The certificates for the website are installed on the browser. I also installed them by right-clicking on the Java icon within the Windows task bar, clicking "Open Control Panel" and installing them through the Security options.
Nothing seems to work. Does anyone have any ideas?
You have your Tomcat or whatever configured to request or require SSL client certificates. The effect at the client is the same for both: an incoming CertificateRequest. So it pops up the 2nd dialog. If you cancel and it is 'request' not 'require', the applet should load.
I have had numerous problems with applets and HTTPS recently, including what look like Java plugin bugs, and have concluded that the answer is really to load them via HTTP in plaintext.
The first dialog should be fixed by not using a self-signed SSL certificate.
Related
I am trying to handle the following issue while trying to automate login process with JMeter WebDriver Sampler to our web app, which requests an authoriaztion certificate for a user to log in.
After filling credentials and clicking the Login button, the following window is called:
dialog window. I assume this is an OS window that cant be aimed by Selenium/WebDriver Sampler script - or is it possilbe?
EDIT: I found some solution e.g. https://sqa.stackexchange.com/questions/7640/how-to-select-security-certificate-from-security-dialog bit I am kind of afraid of implement the recommended code to the script - isnt there another solution then via Selenium script?
I tried to set a certificate in jmeter's system.properties file:
system.properties keystore setting.
I supposed it makes SOMETHING, e.g. some error after launching script, but it ends on the exactly same step - dialog window with Certificate choosing offer. So I assume this is wrong place to set user authentication certificate.
How is it possible to handle this kind of login process? I guess it is necessary to set a default certificate that is paired with the user's credentials I am sending in the previous step in my script, but I dont know where.
What you set in JMeter's "system.properties" file only affects the client certificates for HTTP Request samplers.
WebDriver Sampler is a different beast, it uses Selenium libraries to automate the real browser hence you need to follow your browser documentation to learn how to automate the certificate selection process.
For example for
Chrome on Windows it's in registry
for Chrome on Linux/Unix it's under /etc/chromium/policies/managed folder
More information: AutoSelectCertificateForUrls
I'm under Ubuntu and I have already installed icedtea.
the is the applet I'm trying to execute is auto signed.
I know that there is a security config under icedtea to prevent such applet to be run.
I'm asking where/how can I add an exception so that website will be authorized to run his applet ?
You must add your certificate (the one you used to sign the applet) to your keystore.
The way to do this depends on your browser and operating system, you'l need to specify these for more help.
I am working on a small java applet tool, among other things to load some images from the hard disk, and upload them to the host server.
The problem is that I don't want a verified CA to sign it, and I need the Java security settings still on "high" in the Java control panel.
The applet should run on few computers, and is not publicly available.
Now when I load the HTML page, with the security settings on "high" (default/recommended), the JRE blocks this applet because it is not CA signed. Security set to "medium" works fine, but the security settings should not be lowered only for this tool.
Is there any way to sort of add this applet as a "trusted applet", allowing it to read files and connect it to the host server through a socket connection?
Thanks
Try adding yourself as a root CA on the browsers concerned.
I have signed a Java Applet jar using Verisign certificate.
When Java Applet is run from a html/javascript , a dialog box appears which asks whether the unknown certicate needs to be trusted or not & the Java Application should be run or not. When clicked on Run button(indicating Agreed) & checking(ticked on) the checkbox which indicates that the user is not asked everytime , the Java Applet window is displayed.
Kindly confirm whether even after signing the Java Applet with a certificate which belongs to a trusted thirty party Certifying Authority(CA) like Verisign , the first alert dialog asking for confirmation whether to run the untrusted Java application is normally asked or not.
That depends on the browser's configuration. Unless the signer of the certificate is one which the browser has already been configured to accept automatically, the user will still be prompted to accept the certificate at least once.
Remember, your code is asking permission to perform privileged actions on the user's machine. Just because your identity has been verified by a trusted third party, doesn't mean that the user must automatically trust your code.
To clarify Dan's answer: Yes, it will always ask the user the first time. This is the default configuration of the Java plug-in. The configuration could be changed, but that would be a very bad practice.
My application is creating an Applet which is using the OpenSC API to interact with an Aladdin eToken Pro smart card, and getting certificates from it.
The eToken card, at client, places the certificate in browsers certificate store. On server side client authentication is set too true. So server is requesting for client identification (client certificate).
I am able to access eToken using the applet in Internet Explorer, but in case of Firefox it prompts me to select the certificate identification. But in the selection area everything is blank.
The Popup message is "Request authentication. Please select certificate to be used for authentication" and selection area is blank.
A search on internet resulted in me discovering that I have to do jss configuration on Firefox adding (jss.dll and jss.jar), I have done this but the issue remains unresolved. I think the issue is java is not able to read firefox certificate store but it can read IE's certificate store.
Can anybody suggest me how to go about solving this problem?