Signed Applets - Help!!!

Arron Ferguson (aferguso@bcit.bc.ca)
Thu, 25 Mar 1999 03:15:37 -0800

Date: Thu, 25 Mar 1999 03:15:37 -0800
From: Arron Ferguson <aferguso@bcit.bc.ca>
To: java-security@java.sun.com
Subject: Signed Applets - Help!!!

My name is Arron Ferguson and I'm a Java Instructor at BCIT in
Vancouver, British Columbia Canada. I am trying for the life of me to
understand and correctly use "signed Applets" in JDK1.2 but am failing
miserably.

I have used Jar to create a valid Jar file:
jar cf gui.jar *.class

I have used keytool to create my ".keystore" file I know it's there and
works.

I have used keytool to create a self-signed certificate:
keytool -selfcert -alias arron -keypass smokin -dname "cn=Arron
Ferguson, ou=Multimedia, o=BCIT, c=CA"

I check to see if it's there:
keytool -list <then I type my pwd>

I then use Jarsigner to sign the jar:
jarsigner gui.jar arron <then I type my pwd>

I even double check my jar by typing:
jarsigner -verify gui.jar arron <then I type my pwd>

Then I open the HTML file that points to the jar file (my tags are all
correct), in Netscape 4.5 and I get the following error messages in the
Java console window:

Netscape Communications Corporation -- Java 1.1.5

Type '?' for options.

Symantec Java! ByteCode Compiler Version 210.065
Copyright (C) 1996-97 Symantec Corporation
# Error: Invalid Hash of this JAR entry (-7882)
# jar file: C:\TEMP\jzipGE3D.TMP
# path: model.class
# Error: The certificate is not approved for the attempted application.
(-8101)
# jar file: C:\TEMP\jzipGE3D.TMP
# path: C:\TEMP\jzipGE3D.TMP
# Error: loading of signatures has failed (-1)
# jar file: C:\TEMP\jzipGE3D.TMP
# path: /F|/code/

I have absolutely no idea and I would really like to be able to show my
students how signed Applets work. The online docs are sketchy and all
other instructors I know are not familiar with signed Applets (not to
mention in 1.2). Please help!!!

I'm running:
- Windoze NT 4.0
- Netscape 4.5
-JDK1.2 (final release)