
4.2. How to sign a Java applet?

How To Sign an Applet?

To run an applet in a web browser, you should sign it with a digital certificate beforehand, because applets are untrusted by default in the security architecture of all browsers.

Certificate authorities typically charge a fee for the service of validating their clients' credentials. However, for testing and demo purposes, you may create a self-signed certificate. The information given in a self-signed certificate has not been validated by a trusted third party. If you plan to widely distribute the applet, you should obtain a certificate that is validated by a trusted certificate authority. The procedure for this is beyond the scope of this tutorial.

1. Make sure your applet is compiled into a JAR file. The applet must be in a JAR file before a certificate can be attached to it. If the applet was previously referenced with the help of a 'codebase' attribute in the <applet> tag of the HTML file, replace the 'codebase' attribute with the 'archive' attribute. The value of the 'archive' attribute is the URL of a JAR file.

2. Create a public/private key pair. The command for this is

keytool -genkey

keytool is an SDK utility. It will prompt you for a password to your keystore and for the remaining parameters, one of which is the alias, whose value is the name of the key. The keystore is a file that contains your public/private key pairs and the public keys of others with whom you exchange information.


3. Create a certificate for the key you created in the previous step.

keytool -selfcert

Again, keytool will prompt you for a keystore password and the remaining parameters. This certificate is now self-signed by you, meaning that it has not been validated by any third party.

4. Run jarsigner to associate this certificate with the JAR file that contains your applet.

jarsigner AppletDemo.jar mykey

mykey is the alias (the name of the key) for the certificate you just created. jarsigner creates a digest for each file in your JAR and signs them with your private key. These digests or hashes, the public key, and the certificate will all be included in the "META-INF" directory of the JAR file.
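The per-file digests described in step 4 can be checked independently of the browser. The following Python sketch is an added example, not code from the original page or from Active Query Builder: it recomputes each entry's digest and compares it with META-INF/MANIFEST.MF, flagging entries that were modified or added after signing. The function names and the sample JAR are constructed for illustration, and it checks only the digest layer, not the signature over it (`jarsigner -verify` does the full check).

```python
import base64, hashlib, io, zipfile

SIG_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")

def parse_manifest(text):
    """Map each per-entry 'Name:' section of MANIFEST.MF to its attributes."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    sections = {}
    for block in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        if "Name" in attrs:
            sections[attrs.pop("Name")] = attrs
    return sections

def check_jar(jar_bytes):
    """Return {entry: 'ok' | 'mismatch' | 'no-digest' | 'missing'} for a JAR."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        manifest = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
        result = {}
        for name in jar.namelist():
            upper = name.upper()
            if name.endswith("/") or (upper.startswith("META-INF/") and (
                    upper.endswith(SIG_SUFFIXES) or upper == "META-INF/MANIFEST.MF")):
                continue  # directories and signature metadata carry no manifest digest
            digests = {k[:-7]: v for k, v in manifest.get(name, {}).items()
                       if k.endswith("-Digest")}
            if not digests:
                result[name] = "no-digest"  # added after signing, or never signed
                continue
            data = jar.read(name)
            ok = all(base64.b64encode(hashlib.new(a.replace("-", "").lower(), data).digest())
                     .decode() == v for a, v in digests.items())
            result[name] = "ok" if ok else "mismatch"
        for name in manifest.keys() - set(jar.namelist()):
            result[name] = "missing"  # listed in the manifest but removed from the JAR
    return result

def build_sample_jar(tamper=False, extra=False):
    """Constructed sample: one class file plus its manifest digest entry."""
    original = b"\xca\xfe\xba\xbe constructed class bytes"
    digest = base64.b64encode(hashlib.sha256(original).digest()).decode()
    manifest = ("Manifest-Version: 1.0\r\n\r\n"
                "Name: AppletDemo.class\r\nSHA-256-Digest: " + digest + "\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("META-INF/MYKEY.SF", "Signature-Version: 1.0\r\n")  # placeholder
        jar.writestr("AppletDemo.class", original + (b"!" if tamper else b""))
        if extra:
            jar.writestr("Injected.class", b"not covered by the manifest")
    return buf.getvalue()
```

An entry reported as `no-digest` in an otherwise signed JAR is the case to look at first, since it means the file was never covered by the signer's manifest.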
