Reputation:
Enabling https for Java Webstart
I have a swing application deployed in HTTP Server. Users use the browser to point an URL and install the client using java webstart. Now I need to enable https access to my application deployed on HTTP server. I am using JDK 1.5 as default jdk supported in the jnlp file. For time being I use a self signed certificate to the sign the jars (by default created using Sun's jarsigner, keytool, etc, utils).
Solution/steps would be much appreciated.
Thanks in advance
Ramesh
Upvotes: 3
Views: 8364
Answers (3)
Reputation: 48067
What is the feature of https that you are hoping to leverage?
- The signing/server authentication is done by code signing, though you are undermining this using a self-signed certificate.
- Does your application code contain secrets that must be hidden from eavesdroppers?
As you say you "need to enable" there must be an underlying reason.
I believe that before you "need https" you need a proper code signing certificate. You might want to rephrase your question so that your underlying problem can be solved instead of the very specific question.
Upvotes: 0
Reputation: 674
You need to enable HTTPS on the web server. To get the certificate you need to provide credentials and the host name of the server to a certificate authority (CA) like VeriSign or Thawte. They can provide you with a server certificate signed by their root certificate or some intermediate certificate. This certificate must then be imported into the web server to enable HTTPS over SSL. The web clients, like a browser or webstart will then verify the certificate chain when accessing the server.
If you use a self signed jar, all your users will be presented with a warning message about potentially unsafe code. To avoid this you should get a code signing certificate from a CA, which would be somewhat similar to the web server certificate. This CA-provided certificate can be imported into the keystore and used in the same way you use the self signed certificate. The code signing certificate will be signed by the CA so that the certificate chain can be verified by webstart.
Upvotes: 2
Reputation: 24629
As far as I understand your question you don't need to change anything to your code of the client. If you only want to give access to the JNLP via HTTPS you would only need to reconfigure the application server distributing the JNLP or if you have a webserver in front of the application server (as we do here: user - https -> apache -> AJP -> tomcat) you need to reconfigure the webserver to allow the access to the JNLP via HTTPS.
Upvotes: 2
Related Questions
- java web start jnlp Application is Blocked by Java Security on apache https web server
- How do you start a java servlet over https?
- Java Web Start Application Run from HTTPS Server Blocked By Java Security
- Java jnlp application blocked by Security settings
- How can I force Java Web Start to run a self-signed JNLP?
- java JNLP error: javax.net.ssl.SSLHandshakeException
- Java Webstart Certificate Issue with JNLP versioning
- FileNotFoundException starting 1.4.2 webstart application with java webstart 1.6 over HTTPS
- Java Webstart Truststore SSL
- Java Web Start with Signed