Wednesday, May 10, 2006

How to remove a trusted applet

I'm testing a self-signed Java applet. When I first loaded a page containing the applet into Firefox, I got the usual message about whether or not to trust the publisher of the applet ("The application's digital signature is invalid..."). I checked the box to "Always trust content from this publisher...", because I didn't want to be faced with that message every time I hit the page.

Today I wanted to test the process as it would appear to a new user, so I really needed to "untrust" that applet... revoke its privileges... remove its certificate... not sure of the correct terminology. Which is probably why it took me so long to find out how to do this. Firefox has a "Certificate Manager", but I couldn't find the digital signature in there anywhere, that's not the answer (FYI, the Firefox certificate manager is under Tools -> Options -> Advanced -> Manage Certificates).

It turns out that if you want to revoke your trust in an applet that you've agreed to always trust, you have to use the Java Control Panel. This tool is found in the jre/bin directory. This is the same directory that contains java.exe, keytool.exe, etc if you are in Windows. For example, it may be here:

C:\Program Files\Java\jre1.5.0_06\bin\javacpl.exe

When you run javacpl.exe, go to the Security panel and click on the Certificates button. You should see the Certificate for your applet there. You can delete it, and then when you load your web page, you should get the popup security warning again.

6 Comments:

Blogger enderandpeter said...

This comment has been removed by the author.

3:02 PM  
Blogger enderandpeter said...

^^^ BTW, I removed my first comment because it had typos and the site wouldn't let me edit it:

Thanks alot for this guide. It's hard to say why no one else has expressed any gratitude.

I'm developing a web page application for a users on a network where I'm also self-signing the applet. I'm hoping that if they say "Always trust...", it won't allow any applet with an UNKNOWN publisher to run. When I look at the Java Control Panel, I see it has my name as the issuer and issuee, which leads me to think that different applets signed with different author names would produce separate warnings. Might you know how that all goes?

3:04 PM  
Blogger Tee Chess said...

Thanks for sharing the exact way to solve this issue. I am facing issues doing the same and is searching for a good solution. I will do the suggested steps and thanks again.
digital signatures

11:00 PM  
Blogger Justin Goldberg said...

Thank you so much! A great help.

8:04 AM  
Blogger Justin Goldberg said...

Thank you so much! A great help. It's so easy to click "i trust this publisher".

8:04 AM  
Blogger Justin Goldberg said...

Thank you so much! A great help. It's so easy to click "i trust this publisher".

8:04 AM  

Post a Comment

<< Home