1

I am trying to run a .jnlp file using javaws. It produces this error:

Caused by: net.sourceforge.jnlp.LaunchException: Fatal: 
Application Error: The JNLP application is not fully signed
by a single cert. The JNLP application has its components 
individually signed, however there must be a common signer to 
all entries.

It seems that the local java VM imposes these security restrictions. Now I am sure that the source of this .jnlp file is safe, and I really want to run it. To make it worse, downloading and opening the same file in Windows does work. No idea why that is?

How can I tell javaws to ignore this issue?

javaws -version: icedtea-web 1.6.2 (1.6.2-3.1)

debian stretch, kernel Linux 4.9.0-8-amd64

Edit: This post is considered a dupe of Running unsigned javaws code

However all possible solutions there do not work for me:

Adding:

deployment.security.level=ALLOW_UNSIGNED

to 

.java/deployment/deployment.properties

Did not work. Also, the statement that ~/.config/icedtea.web is an alias of .java/deployment is not true. The file does not exist at all in ~/.config/icedtea.web. At least not on my system. I linked the deployment.prpoerties to ~/.config/icedtea.web. To no avail.

I created a link so that ~/.config/icedtea.web points to .java/deployment/. Did not work either.

Then, it was recommended to comment out disabledAlgorithms in 

/etc/java-*-openjdk/security/java.security

I have multiple java.security files on my system, including in /etc and /usr. I commented out this line in all java.security files present on my system.

So maybe the post is a dupe of a similar problem, apparently it is something different as the proposed solutions do not solve the problem.

What information more can I provide to get closer to the cause? And why does it work in Windows right away without altering any security setting?

Johannes Linkels
  • 129
  • 1
  • 6
  • Possible duplicate of [Running unsigned javaws code](https://unix.stackexchange.com/questions/143805/running-unsigned-javaws-code) – Haxiel Feb 01 '19 at 09:22
  • I have seen that post. I have set deployment.security.level=ALLOW_UNSIGNED. I have set jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024. I have tried javaws -nosecurity main.jnlp. It sounds logical that I can tell java to run with less or no security. No effect, however. – Johannes Linkels Feb 01 '19 at 09:30
  • Please edit your question to include this information, so we know it's not a dupe. – Sparhawk Feb 02 '19 at 00:17
  • (1) anyone who suggested disabledAlgorithms was related to this problem doesn't understand crypto and should not be believed (2) re Windows diff: for both OSes, are you using OpenJDK or an Oracle build? Sun/Oracle (before 11, when deployment is dropped entirely) has 'proprietary' plugins and JNLP not 'contributed' to OpenJDK, which is why icedtea-web is a separate add-on, and it wouldn't be surprising if it has some differences. – dave_thompson_085 Feb 05 '19 at 04:52
  • @dave_thompson: Re: (2) I have no idea what I use in Windows. A user is not supposed to know. But I cannot image it is OpenJDK. Frankly, I am completely fed up with this Java stuff and all developers using it. I remember when Java was introduced and presented as THE solution for multi-platform applications. Truth is, in 15 years that I am on Linux only and went though dozens of installations I might have seen a Java applet working in Linux 2 or 3 times. And even in Windows some applets require a very specific version (down to the 2nd decimal) or it simply does not work. – Johannes Linkels Feb 05 '19 at 13:57
  • Good, OpenJDK is just an option. It is also possible to install Oracle JRE. Which I did. No complaints about signing. But the applet needs a Windows specific environment anyway. So far the multi-platform paradigm. Reverting back to a VM. And still wondering why OpenJDK is picky about signing where Oracle is not, and wondering why it cannot be overruled. One of the great things about Linux is the Dammit! option. – Johannes Linkels Feb 13 '19 at 14:02

0 Answers0