bmo wrote on 2008-08-11 20:22 PDT: > Summary: I suspect that there's something wrong with the BUILT-IN Root > CA cert UTN-USERFirst-Object in Firefox 3.0.1. > > We were issued a code signing certificate which was signed by the UTN- > USERFirst-Object cert built into Firefox (Comodo issues these). We > have successfully signed our jar file with the certificate (verified > with jarsigner -verify, etc.), however on Firefox 3.0.1 (on macosx), > when our jar is loaded, we get a 'this applet was signed by <company > name> however we cannot verify the signature' do you want to trust > this applet?
That apparent quote of the text of the error message is actually a misquote, and the misquote was significant to our attempts to help you diagnose the problem. The actual error message, as it appears in the png files you posted, http://www.tryventi.com/certissue/trust1.png http://www.tryventi.com/certissue/trust2.png http://www.tryventi.com/certissue/trust3.png http://www.tryventi.com/certissue/trust_not_for_sun.png was: The applet was signed by <company name> but *Java* cannot verify the authenticity of the signature's certificate. Do you trust this certificate? The crucial difference between the message as you quoted it, and the actual message, is in who is speaking as the source of the error message. The message actually says that _JAVA_ cannot verify the signature. This error message is coming from Java, not from Firefox. Java has its own code and its own store of certificates for signature verification. It does not use the signature verification built into the browser, and the browser relies entirely on Java to verify the signature on file of MIME content-type application/java-archive (which these are). The browser does not verify the signature, but passes the received JAR to Java to verify it. Also note that it is not asking you if you trust the applet, but rather it is asking you if you want to trust the certificate. If you answer positively, I believe Java may store that certificate so that henceforth you will not be asked about applets signed with that same cert. Your issue is with Java, I believe, not with Firefox. I think you'll get more help in a Java support forum. Regards, Nelson _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
