picel meta
Imagen de 1 y 0 de applet Java

Solution to applet loading problem with latest Java version

With the update of the last version of JRE (Java in client), JRE 8u31 (or in my case 1.7.0_75 in Mac), we have verified that several users have problems to load Viafirma’s Java applet (in general it will happen with any Java applet) in several browsers, when the website is published over https with an SSL certificate issued by a Certification Authority not recognized by default by Java (many of the Electronic Administration portals in Spain). Not to go too much into details, since this is a post to help users of such portals (and in our case, especially for users of the Fundación Tripartita), this problem is because, for whatever reasons, browsers are not detecting the full certification path (the certificates of the different intermediate and root CAs).

For example, when we try to load the path https://viafirma.fundaciontripartita.org/viafirma the browser (in my case Firefox on Mac) forces us to accept the risk precisely because the connection could not be validated. On the screen it makes clear that “the sender’s string has not been provided”:

error_firefox

When I add the exception, if we analyze the certificate’s trust chain, we can see that Firefox is not detecting it:

Captura de pantalla 2015-01-23 a las 8.35.06

fnmt_ssl_path

Something that does happen, for example, with https://www.eacat.cat/viafirma, where the browser does detect the complete certification path and has no problem loading the certificate:

gencat_ssl_path

An uncomfortable but effective solution is to manually incorporate in our local Java configuration the trust in the different root and intermediate certification authorities of the SSL issuing Certification Authority; in the case of the Tripartita Foundation, FNMT. To do this, we will first download this ZIP file that contains these two public keys of the FNMT CAs:

  • fnmt-ca-ssl-certs

We unzip it, and then we will open the Java Control Panel:

panel_control_java

Click on Security and then on Manage Certificates; select in Certificate Type “Secure Site CA”, to be able to add the trust to the SSL certificates of the FNMT:

panel_control_java_seguridad_cert

Now we click on import and select our two trusted certificates from the site where we have unzipped it; if we cannot select them, we will have to change the combo that filters the type of certificate so that it takes any type, and we will select the two .cer certificates. At the end we will have something like this:

panel_control_java_seguridad_cert_import

And the applet will load correctly.

Do you have questions or need more details?

We are here to provide you with all the information you need.
Click here to speak to our sales team.

We’re just one step away!

The best electronic signature and digital signature solution for your business.

Scroll to Top