On Wed, Oct 16, 2013 at 12:45 PM, Egon Willighagen <egon.willighagen@gmail.com> wrote:
> So there is need to find out how to better validate Jmol Java
> certificate at least for the signed applet.
> 1. I have often seen the warning that the applet has mixed signed and
>    unsigned content. That's one point to sort out.
> 2. Try to have a signature that is recognized as "known publisher"
> 3. Include that "manifest" in the jar, whatever it is
> Jmol community of users,
> anyone has some knowledge of how all this works? Help is appreciated.

I think further information on the new "Permissions" attribute is found here:



I get the same kind of problems with another Java application I've developed, which is distributed through Java Web Start (.jnlp file).
I've added the Permissions attribute in the manifest file with the "all-permissions" value.
It makes the warning messages less alarming, but it's far from being perfect: users now have to accept every time...

I think the only lasting solution would be to use a trusted certificate to sign Jmol.
But trusted certificates are expensive (and you have to pay every year), and it will probably be less easy to manage the release process over time.

I tried to find cheap certificates, here's what I've found for now:
I'm interested in how this can be solved, I need to do it also for other software.
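
Added example, not part of the original messages or of Jmol's build: a Python check a release script could run on a built JAR to report the manifest `Permissions` attribute and any entries that have no per-entry digest in a signed JAR's manifest (a common cause of the "mixed signed and unsigned content" warning). The function names and the in-memory sample JAR are assumptions constructed for illustration, and the check inspects the manifest only; it does not verify signatures.

```python
import io
import zipfile

BLOCKS = (".RSA", ".DSA", ".EC")  # signature block file suffixes

def parse_manifest(text):
    """Parse MANIFEST.MF (unfolding continuation lines) into (main, per-entry)."""
    text = text.replace("\r\n", "\n").replace("\r", "\n").replace("\n ", "")
    sections = []
    for block in text.split("\n\n"):
        pairs = (line.partition(": ") for line in block.splitlines())
        attrs = {k.lower(): v for k, sep, v in pairs if sep}
        if attrs:
            sections.append(attrs)
    main = sections[0] if sections else {}
    return main, {s["name"]: s for s in sections[1:] if "name" in s}

def is_sig_file(name):
    """Simplified: the manifest plus META-INF/*.SF and signature blocks."""
    upper = name.upper()
    return upper.startswith("META-INF/") and (
        upper == "META-INF/MANIFEST.MF" or upper.endswith((".SF",) + BLOCKS))

def audit_jar(jar_bytes):
    """Report Permissions and payload entries with no manifest digest."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = [n for n in jar.namelist() if not n.endswith("/")]
        manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
    main, per_entry = parse_manifest(manifest)
    undigested = sorted(
        n for n in names if not is_sig_file(n)
        and not any(k.endswith("-digest") for k in per_entry.get(n, {})))
    return {
        "permissions": main.get("permissions"),  # None if attribute missing
        "signature_block_present": any(
            is_sig_file(n) and n.upper().endswith(BLOCKS) for n in names),
        "entries_without_digest": undigested,
    }

def build_sample_jar():
    """Constructed sample: A.class has a digest section, B.class has none."""
    manifest = ("Manifest-Version: 1.0\r\nPermissions: all-permissions\r\n\r\n"
                "Name: A.class\r\nSHA-256-Digest: Y29uc3RydWN0ZWQ=\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("META-INF/SAMPLE.RSA", b"placeholder, not a signature")
        jar.writestr("A.class", b"\xca\xfe\xba\xbe")
        jar.writestr("B.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()
```

`audit_jar(build_sample_jar())` reports `all-permissions`, a signature block, and `B.class` as the entry without a digest; `jarsigner -verify` remains the authoritative check of the signature itself.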