Marvin applet with SSL

Dear support,





I'm using unsigned applet of Marvin in order not to get the popup of certificate acceptation.


I tried to use the applet in an SSL secure website (HTTPS), but now I have a popup that detect the applet as untrusted applet.





My goal is to use Marvin applet without having any popup of certificate acceptation or trustability.





Do you think that if I sign marvin applet with SSL certificate I won't get any message?


Is it possible to sign marvin applet with using an other certificate?





Thank you for your help





Kind regards


Jacques

Dear Jacques,





As I know, an SSL certificate secures a section of your web site. It provides that encrypting all data being transferred if the customer uses the HTTPS protocol to access the site (https://...).


Marvin applets are signed to be able to access the file system of the client's machine (read/write). Copy/paste between Marvin applets and other applications also requires signed applets.


I am not an expert in SSL certification. I do not know how you can sign an applet with an SSL certificate. But I don't believe that it could substitute an applet certificate.





If you bother the popup windows, answer "Always" to the browser's question when it asks to accept the certification of the applet. In this case, this popup window never display again.





If you use SSL secure website, the situation is the same than in the above case. Browser will always asks to accept the certificate of the site unless you accept it permanently at the first time.





Probably, you have got a warning on the applet's page when you access it through the HTTPS protocol that the page contains unsecure content. It means that the page contains URL-s to unsecure pages. In this case, you should filter these links and substitute them to secure ones.





Best regards,


Tamas

thank you for your answer.


Actually the problem is that using the unsigned applet give a warning saying that "the company that give the certificate is untrustable".


So if we use the signed applet of Marvin we won't get the warning again?





Thanks a lot for your answer


Kind regards,


Jacques

Quote:

So if we use the signed applet of Marvin we won't get the warning again?

I hope...

But as we use the AWT applet which is unsigned, can we sign it ourself?

Oh, so you use AWT? I have belived you use Swing. Why do you use the AWT version?


Signing AWT is not an easy work:


1. Some old Java (1.0 and 1.1) can not supported signed applets. Thus, it can be problem if you try to run them in those browser which uses these old Java versions.


2. If you want to sign Marvin AWT applets, you should wrap all classes into one or more signed jars.





I suggest you to try signed (Swing) Marvin applet on your secure site to check that signed applet is really solve your certification problem or not.





By the way, thinking over your error message, I don't understand why the browser "fears" from this applet. Unsigned applet can not do any sensitive operation on the local machine. So it can not be dangerous to the user's system.