0

好吧,我尝试阅读几乎所有文章,但我没有找到任何提示。

从 StartSSL 收到我的官方证书后,我仍然无法在没有 UNKNOWN 发布者警告的情况下启动我的小程序。

我用了

jarsigner Connect4Client.jar MyConnectCert

我检查过

jarsigner -verify -verbose -certs Connect4Client.jar

看起来一切都很好:

s k     1388 Thu May 09 14:04:54 PDT 2013 META-INF/MANIFEST.MF

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

        1550 Thu May 09 14:04:54 PDT 2013 META-INF/MYCONNEC.SF
        5771 Thu May 09 14:04:54 PDT 2013 META-INF/MYCONNEC.RSA
           0 Thu May 09 12:51:24 PDT 2013 META-INF/
smk     7437 Thu May 09 12:51:20 PDT 2013 Connect4.class

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     2588 Thu May 09 12:51:22 PDT 2013 Connect4ClientConnection.class

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     1410 Thu May 09 12:51:22 PDT 2013 Connect4Engine.class

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     2901 Thu May 09 12:51:24 PDT 2013 Connect4State.class

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     2002 Thu May 09 12:51:24 PDT 2013 SocketAction.class

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk    22593 Sat Apr 06 13:16:46 PST 1996 res/applause.au

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     1864 Sat Apr 06 13:16:28 PST 1996 res/badmove.au

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     1559 Sat Apr 06 13:16:06 PST 1996 res/bluemove.au

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     1308 Sat Apr 06 11:43:16 PST 1996 res/blupiece.gif

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk    21870 Sat Apr 06 11:53:30 PST 1996 res/board.gif

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk      957 Tue Apr 09 17:51:48 PDT 1996 res/hand.gif

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk    15817 Sat Apr 06 13:15:50 PST 1996 res/newgame.au

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     3874 Sat Apr 06 13:15:24 PST 1996 res/redmove.au

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk     1282 Sat Apr 06 11:42:40 PST 1996 res/redpiece.gif

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

smk    11720 Sat Apr 06 13:15:04 PST 1996 res/sad.au

      X.509, EMAILADDRESS=<personal>@gmail.com, CN=<personal>, L=<personal> CA, ST=California, C=US (myconnectcert)
      [certificate is valid from 5/8/13 5:32 PM to 5/9/15 8:38 PM]
      X.509, CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca.sub.class2)
      [certificate is valid from 10/24/07 3:01 PM to 10/24/17 3:01 PM]
      X.509, CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL (startcom.ca)
      [certificate is valid from 9/17/06 12:46 PM to 9/17/36 12:46 PM]

           0 Wed Apr 17 00:57:50 PDT 2013 res/

  s = signature was verified 
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.

那么为什么发布者仍然显示为未知?我错过了什么?另一个证书还是与 Java 7(已安装)或 Safari(10.8)有关?还是因为浏览器没有将 StartCom 识别为有效的 CA?

附加信息:我检查了 java 控制台并得到以下信息:

cache: Initialize resource manager: com.sun.deploy.cache.ResourceProviderImpl@63d1e70a
security: property package.access value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.
security: property package.access new value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.
security: property package.definition new value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.access new value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
security: property package.definition value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
security: property package.definition new value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
security: property package.access value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
security: property package.access new value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss,com.sun.browser,com.sun.glass,com.sun.javafx,com.sun.media.jfxmedia,com.sun.media.jfxmediaimpl,com.sun.openpisces,com.sun.prism,com.sun.scenario,com.sun.t2k,com.sun.webpane,com.sun.pisces,com.sun.webkit
security: property package.definition value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
security: property package.definition new value sun.,com.sun.xml.internal.bind.,com.sun.xml.internal.org.jvnet.staxex.,com.sun.xml.internal.ws.,com.sun.imageio.,com.sun.istack.internal.,com.sun.jmx.,com.sun.proxy.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.org.glassfish.external.,com.sun.org.glassfish.gmbal.,apple.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss,com.sun.browser,com.sun.glass,com.sun.javafx,com.sun.media.jfxmedia,com.sun.media.jfxmediaimpl,com.sun.openpisces,com.sun.prism,com.sun.scenario,com.sun.t2k,com.sun.webpane,com.sun.pisces,com.sun.webkit
basic: tap installed
basic: Creating PluginEmbeddedFrame served by com.apple.java.jrs.carenderserver-12351
basic: Done creating PluginEmbeddedFrame
basic: Added progress listener: sun.plugin.util.ProgressMonitorAdapter@591882e6
basic: Plugin2ClassLoader.addURL parent called for file:/Users/<personal>/xxxxxxxxxx/Connect4Client.jar
security: Blacklist revocation check is enabled
security: Trusted libraries list check is enabled
security: Trusted libraries list file not found
network: Cache entry not found [url: file:/Users/<personal>/Desktop/xxxxxxxxxx/Connect4Client.jar, version: null]
security: Accessing keys and certificate in Mozilla user profile: null
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Validate the certificate chain using CertPath API
security: Loading Root CA certificates from /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/cacerts
security: Loaded Root CA certificates from /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/cacerts
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: The certificate hasnt been expired, no need to check timestamping info
security: Cannot find jurisdiction list file
security: The CRL support is disabled
security: The OCSP support is disabled
security: This OCSP End Entity validation is disabled
security: Checking if certificate is in Deployment denied certificate store
security: Checking if certificate is in Deployment permanent certificate store
security: Checking if certificate is in Deployment session certificate store

这是 StartCom 的目标代码签名证书。我之前明确导入了 StartCom 证书以确保找到这些证书,但仍然没有成功。

4

1 回答 1

1

得到了答案,StartCom 回复说他们的证书不适用于 Applet 签名,这对我来说是一个很大的失望,因为我发现他们的定价在某些网站上特别提到它们并不昂贵并且他们启用了 Applet 签名。这实际上是正确的,但问题是他们的证书无法解决您想要实现的目标。叹。

于 2013-05-12T04:54:04.667 回答