| Damian Morris 2005-05-09, 3:59 am |
| I have a signed application that runs flawlessly under WebStart in 1.4
JDKs/JREs (on WinXP/2K, Linux and MacOS X) that refuses to run under
WebStart in 1.5 JDKs (on both Windows and Linux; haven't tried on MacOS).
The error occurs when the certificate is validated (this is from 1.5.0_03):
java.security.cert.CeritificateException: Check leaf key usage failed in
certificate
at
com.sun.deploy.security.CertUtils.checkUsageForCodeSigning(CertUtils.java:102)
...
I've tried 1.5.0 (Windows & Linux) and 1.5.0_03 (Linux), with the same
error each time. I know of several others who have also been unable to
run my application under 1.5.0; I don't know of anyone who has been able
to run it under 1.5.0.
I'm using a code-signing certificate bought from Thawte. I've tried
using jarsigner from both 1.4 and 1.5, but get the same results each
time. From the exception, it seems likely that 1.5.0 doesn't believe
that the certificate used to sign the code can be used for code-signing,
but I don't know why it would come to this conclusion.
I've successfully run this app using WebStart under 1.4.2_01, 1.4.2_03
and 1.4.2_06, on Linux and WinXP/2K (ie these JDKs all successfully
validate the certificate used to sign the app and prompt the user as
expected), plus various Apple 1.4 JVMs.
Google hasn't been of any assistance, so any help would be greatly
appreciated.
Cheers,
Damian
|