Since this same warning shows up even going to the same location
(https://jogl-demos.dev.java.net/applettest.html) under Safari, it's
definitely not Firefox-related.

http://bugreport.apple.com/ is the best way to report this, since
Apple maintains its own Java distribution for OS X (you cannot get an
OS X version of Java from Sun).

It requires a (free) ADC membership to actually submit a bug report;
if you do not have one, you can get one by going to
http://developer.apple.com/ and selecting (from the very top of the
page, on the right side) "ADC Member Site".

-Kyle H

On Thu, Aug 14, 2008 at 1:05 AM, Nelson Bolyard
<[EMAIL PROTECTED]> wrote:
> bmo wrote on 2008-08-11 20:22 PDT:
>> Summary: I suspect that there's something wrong with the BUILT-IN Root
>> CA cert UTN-USERFirst-Object in Firefox 3.0.1.
>>
>> We were issued a code signing certificate which was signed by the UTN-
>> USERFirst-Object cert built into Firefox (Comodo issues these).  We
>> have successfully signed our jar file with the certificate (verified
>> with jarsigner -verify, etc.), however on Firefox 3.0.1 (on macosx),
>> when our jar is loaded, we get a 'this applet was signed by <company
>> name> however we cannot verify the signature' do you want to trust
>> this applet?
>
> That apparent quote of the text of the error message is actually a misquote,
> and the misquote was significant to our attempts to help
> you diagnose the problem.  The actual error message, as it appears
> in the png files you posted,
>
>  http://www.tryventi.com/certissue/trust1.png
>  http://www.tryventi.com/certissue/trust2.png
>  http://www.tryventi.com/certissue/trust3.png
>  http://www.tryventi.com/certissue/trust_not_for_sun.png
>
> was:
>
>  The applet was signed by <company name> but *Java* cannot verify the
>  authenticity of the signature's certificate. Do you trust this
>  certificate?
>
> The crucial difference between the message as you quoted it, and the actual
> message, is in who is speaking as the source of the error message.  The
> message actually says that _JAVA_ cannot verify the signature.
> This error message is coming from Java, not from Firefox.  Java has its
> own code and its own store of certificates for signature verification.
> It does not use the signature verification built into the browser, and
> the browser relies entirely on Java to verify the signature on files of
> MIME content-type application/java-archive (which these are).  The browser
> does not verify the signature, but passes the received JAR to Java to verify
> it.
>
> Also note that it is not asking you if you trust the applet, but rather
> it is asking you if you want to trust the certificate.  If you answer
> positively, I believe Java may store that certificate so that henceforth
> you will not be asked about applets signed with that same cert.
>
> Your issue is with Java, I believe, not with Firefox.
> I think you'll get more help in a Java support forum.
>
> Regards,
> Nelson
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
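
The check described above can be reproduced outside the browser. The following is an added example, not code from the thread: it verifies a signed JAR and tests whether each signer's chain ends in a trust anchor of the Java runtime's own default trust store. The class name `JarTrustCheck` is hypothetical, and using the runtime's default store as a stand-in for the store the applet plugin consults is an assumption.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import java.util.jar.*;
import javax.net.ssl.*;

// Added diagnostic, not from the thread. Argument: path to the signed JAR.
public class JarTrustCheck {
    public static void main(String[] args) throws Exception {
        // Trust anchors from Java's own default store (cacerts unless overridden),
        // which is independent of the browser's built-in root list.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        Set<TrustAnchor> anchors = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager)
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers())
                    anchors.add(new TrustAnchor(ca, null));
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false); // offline check: chain and validity only
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");

        Set<CertPath> chains = new LinkedHashSet<>();
        try (JarFile jar = new JarFile(args[0], true)) {
            byte[] buf = new byte[8192];
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                // Signers are only available after the entry is read to the end;
                // a digest mismatch throws SecurityException here.
                try (InputStream in = jar.getInputStream(e)) { while (in.read(buf) != -1) { } }
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null) { System.out.println("UNSIGNED entry: " + e.getName()); continue; }
                for (CodeSigner s : signers) chains.add(s.getSignerCertPath());
            }
        }
        for (CertPath chain : chains) {
            X509Certificate leaf = (X509Certificate) chain.getCertificates().get(0);
            System.out.println("Signer: " + leaf.getSubjectX500Principal());
            try {
                PKIXCertPathValidatorResult r = (PKIXCertPathValidatorResult) validator.validate(chain, params);
                System.out.println("  chains to Java trust anchor: " + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
            } catch (CertPathValidatorException ex) {
                System.out.println("  does not validate against Java's trust anchors: " + ex.getMessage());
            }
        }
    }
}
```

A JAR can pass the digest and signature check and still fail the trust-anchor step, which is the situation the Java dialog reports; an expired signer certificate fails the same step with a validity message.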
