0

さて、ほとんどすべての記事を読んでみましたが、ヒントは見つかりませんでした。

StartSSL から公式証明書を受け取った後も、UNKNOWN 発行者の警告なしにアプレットを起動できません。

使った

jarsigner Connect4Client.jar MyConnectCert

で確認しました

jarsigner -verify -verbose -certs Connect4Client.jar

そしてそれはすべてうまく見えます:

s k     1388 Thu May 09 14:04:54 PDT 2013 META-INF/MANIFEST.MF

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

        1550 Thu May 09 14:04:54 PDT 2013 META-INF/MYCONNEC.SF
        5771 Thu May 09 14:04:54 PDT 2013 META-INF/MYCONNEC.RSA
           0 Thu May 09 12:51:24 PDT 2013 META-INF/
smk     7437 Thu May 09 12:51:20 PDT 2013 Connect4.class

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     2588 Thu May 09 12:51:22 PDT 2013 Connect4ClientConnection.class

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     1410 Thu May 09 12:51:22 PDT 2013 Connect4Engine.class

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     2901 Thu May 09 12:51:24 PDT 2013 Connect4State.class

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     2002 Thu May 09 12:51:24 PDT 2013 SocketAction.class

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk    22593 Sat Apr 06 13:16:46 PST 1996 res/applause.au

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     1864 Sat Apr 06 13:16:28 PST 1996 res/badmove.au

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     1559 Sat Apr 06 13:16:06 PST 1996 res/bluemove.au

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     1308 Sat Apr 06 11:43:16 PST 1996 res/blupiece.gif

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk    21870 Sat Apr 06 11:53:30 PST 1996 res/board.gif

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk      957 Tue Apr 09 17:51:48 PDT 1996 res/hand.gif

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk    15817 Sat Apr 06 13:15:50 PST 1996 res/newgame.au

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     3874 Sat Apr 06 13:15:24 PST 1996 res/redmove.au

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     1282 Sat Apr 06 11:42:40 PST 1996 res/redpiece.gif

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk    11720 Sat Apr 06 13:15:04 PST 1996 res/sad.au

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

           0 Wed Apr 17 00:57:50 PDT 2013 res/

  s = signature was verified 
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.

では、なぜ発行元がまだ不明として表示されるのでしょうか? 私は何が欠けていますか?別の証明書ですか、これは Java 7 (インストールされている) または Safari (10.8) と関係がありますか? それとも、ブラウザーが StartCom を有効な CA として認識しないためでしょうか?

追加情報: Java コンソールを確認したところ、次の情報が得られました。

cache: Initialize resource manager: com.sun.deploy.cache.ResourceProviderImpl@63d1e70a
security: property package.access value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.
security: property package.access new value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.
security: property package.definition new value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access new value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
security: property package.definition value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition new value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
security: property package.access value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
security: property package.access new value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss,com.sun.browser,com.sun.glass,com.sun.javafx,com.sun.media.jfxmedia,com.sun.media.jfxmediaimpl,com.sun.openpisces,com.sun.prism,com.sun.scenario,com.sun.t2k,com.sun.webpane,com.sun.pisces,com.sun.webkit
security: property package.definition value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
security: property package.definition new value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss,com.sun.browser,com.sun.glass,com.sun.javafx,com.sun.media.jfxmedia,com.sun.media.jfxmediaimpl,com.sun.openpisces,com.sun.prism,com.sun.scenario,com.sun.t2k,com.sun.webpane,com.sun.pisces,com.sun.webkit
basic: tap installed
basic: Creating PluginEmbeddedFrame served by com.apple.java.jrs.carenderserver-12351
basic: Done creating PluginEmbeddedFrame
basic: Added progress listener: sun.plugin.util.ProgressMonitorAdapter@591882e6
basic: Plugin2ClassLoader.addURL parent called for file:/Users/<personal>/xxxxxxxxxx/Connect4Client.jar
security: Blacklist revocation check is enabled
security: Trusted libraries list check is enabled
security: Trusted libraries list file not found
network: Cache entry not found [url: file:/Users/<personal>/Desktop/xxxxxxxxxx/Connect4Client.jar, version: null]
security: Accessing keys and certificate in Mozilla user profile: null
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Validate the certificate chain using CertPath API
security: Loading Root CA certificates from /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/cacerts
security: Loaded Root CA certificates from /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/cacerts
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: The certificate hasnt been expired, no need to check timestamping info
security: Cannot find jurisdiction list file
security: The CRL support is disabled
security: The OCSP support is disabled
security: This OCSP End Entity validation is disabled
security: Checking if certificate is in Deployment denied certificate store
security: Checking if certificate is in Deployment permanent certificate store
security: Checking if certificate is in Deployment session certificate store

これは、StartCom からのオブジェクト コード署名証明書です。直前に StartCom 証明書を明示的にインポートして、これらが見つかったことを確認しましたが、それでもうまくいきませんでした。

4

1 に答える 1

1

答えを得た StartCom は、証明書はアプレット署名には機能しないと答えました。これは、いくつかのサイトで価格が高くなく、アプレット署名が有効になっていると具体的に述べられていることを考えると、私にとって大きな失望です. これは事実上真実ですが、問題は、彼らの証明書があなたが達成しようとしているものを解決しないということです. はぁ。

于 2013-05-12T04:54:04.667 に答える