#4547 File Manager failing since upgrade to Java 8 Update 31

[Phil McKerracher]

File Manager is failing with a message java.security.cert.CertificateException: Java couldn't trust Server since upgrading to Java 8 Update 31. I can't use it at all now in Chrome or Firefox, even after clearing the Java cache and browser caches. It still works in IE.

[Jamie Cameron]

Does your Webmin system have a valid SSL certificate? It may be that Java 8 doesn't allow connections when the cert is self-signed, which is the default for new installs.

[Phil McKerracher]

Yes, it's valid (not self-signed or expired)

[Phil McKerracher]

Update: The problem happens on Safari as well. Still works on IE though.

It's clearly an SSL problem but I'm not sure why it should have suddenly appeared.

Here's the Java console output:

java.lang.IllegalArgumentException: white space not allowed
at java.net.URLPermission.normalizeHeaders(Unknown Source)
at java.net.URLPermission.init(Unknown Source)
at java.net.URLPermission.<init>(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.URLtoSocketPermission(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doGetRequestEX(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.checkUpdateAvailable(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.isUpdateAvailable(Unknown Source)
at com.sun.deploy.cache.DeployCacheHandler.get(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$6.run(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$6.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivileged(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.followRedirect0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.access$300(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$12.run(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$12.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivileged(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivileged(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.security.provider.certpath.URICertStore.engineGetCRLs(Unknown Source)
at java.security.cert.CertStore.getCRLs(Unknown Source)
at sun.security.provider.certpath.DistributionPointFetcher.getCRL(Unknown Source)
at sun.security.provider.certpath.DistributionPointFetcher.getCRLs(Unknown Source)
at sun.security.provider.certpath.DistributionPointFetcher.getCRLs(Unknown Source)
at sun.security.provider.certpath.DistributionPointFetcher.getCRLs(Unknown Source)
at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
at com.sun.deploy.security.RevocationCheckHelper.checkRevocationStatus(Unknown Source)
at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source)
at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source)
at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source)
at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source)
at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$800(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
java.security.AccessControlException: access denied ("java.net.SocketPermission" "ocsp.startssl.com:80" "connect,resolve")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessControlContext.checkPermission2(Unknown Source)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at sun.plugin2.applet.SecurityManagerHelper.checkConnectHelper(Unknown Source)
at sun.plugin2.applet.AWTAppletSecurityManager.checkConnect(Unknown Source)
at sun.net.www.http.HttpClient.openServer(Unknown Source)
at sun.net.www.http.HttpClient.<init>(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.http.HttpClient.New(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.security.provider.certpath.OCSP.check(Unknown Source)
at sun.security.provider.certpath.OCSP.check(Unknown Source)
at sun.security.provider.certpath.OCSP.check(Unknown Source)
at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
at com.sun.deploy.security.RevocationCheckHelper.doRevocationCheck(Unknown Source)
at com.sun.deploy.security.RevocationCheckHelper.checkRevocationStatus(Unknown Source)
at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivileged(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(Unknown Source)
at java.net.URLConnection.getContentType(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContentType(Unknown Source)
at FileManager.get_text(FileManager.java:411)
at FileManager.init(FileManager.java:142)
at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.init(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Java couldn't trust Server
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$10.run(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$10.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.net.www.protocol.http.HttpURLConnection.getChainedException(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivileged(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at FileManager.get_text(FileManager.java:412)
at FileManager.init(FileManager.java:142)
at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.init(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Java couldn't trust Server
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivileged(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(Unknown Source)
at java.net.URLConnection.getContentType(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContentType(Unknown Source)
at FileManager.get_text(FileManager.java:411)
... 4 more
Caused by: java.security.cert.CertificateException: Java couldn't trust Server
at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
... 25 more

[Jamie Cameron]

That "couldn't trust server" message implies that Java doesn't like your SSL cert.

Maybe it was issued by a CA that isn't on the list of those known to Java?

[Phil McKerracher]

It's from startssl.com - if Java has removed support for this CA that's a big problem.

Update: Seems to be a known problem, but why did it work before?
https://forum.startcom.org/viewtopic.php?f=15&t=1815&st=0&sk=t&sd=a&start=15

There's a workaround in that thread but it's pretty horrible. I guess the workaround for me is paying for a new cert or using IE. Or using a different file manager.

[Phil McKerracher]

Update: I paid for a new Comodo SSL certificate from namecheap.com. It installed OK, I cleared all caches, but the problem is still there. File Manager no longer works except in IE. Money down the drain :-(

[Phil McKerracher]

Update: The paid Comodo certificate DOES fix the problem if you remember to copy it to the webmin server as well as the Apache server! Also, unlike StartSSL certificates, Comodo certificates don't cover a root and single subdomain (e.g. with or without www).

[Jamie Cameron]

Interesting, so maybe the new Java version is more strictly enforcing SSL CAs?

[Phil McKerracher]

Hmm, not so fast - when I returned to my PC later I couldn't access File Manager any more - I was now seeing an error with the new certificate (something about revocation information not found). And then when I restored the original certificate I got a completely different error (class not found) in Chrome until I tried IE, then when I returned to Chrome the File Manager loaded OK as if nothing had happened. There's a lot of cacheing and timeouts confusing the situation.

[Phil McKerracher]

OK, I got some uninterrupted time (at 2am!) and I've now got File Manager working in all browsers. Uninstalling and reinstalling Java seemed to help - probably either the Oracle updater is rubbish or there was a conflict between 64 and 32 bit versions. Before then I was getting a bewildering array of error messages with no consistency. I think my Java settings are all back to the defaults now but I can't be sure because uninstalling doesn't clear them - they must be remembered in the registry somewhere.

Replacing the StartSSL certificate also seems to have helped - File Manager will work with it sometimes but with warnings. With a Comodo certificate I get no warnings. (Unfortunately as well as costing more, the new certificate has caused a lot of other problems because I can no longer use an SSL connection without the www, but that's a different issue.)

[Jamie Cameron]

FYI, I did a test on a 64-bit Windows system with the latest Java on non-SSL Webmin install, and it worked fine.

[Jamie Cameron]

Also, a test using Java on Windows and Firefox was able to load the file manager just fine from a box with a self-signed cert (after clicking through a warning).

[BLACKDIAMONT]

Hi, thanks for redirecting me to this thread.

I tried to remove and installing java again, ends up with the error "javax.net.SSLHandshakeExecption: java.security.cert.CertificateException: Java couldn't trust Server".

Tested with Firefox Nightly 64bit and Internet Explorer 32bit.

[UCAS]

I can confirm the same problem since I updated Java x64 to 1.8.31 on Windows 8.1 x64.

Basically java.security.AccessControlException: access denied ("java.net.SocketPermission" "ocsp.startssl.com:80" "connect,resolve")

I tried adding the site and its certificate to the exceptions list; this did not help. Running certutil -verify -urlfetch cert.crt shows that the certificate is a-ok and the CRL and OCSP servers respond as expected.

[Phil McKerracher]

I'll describe the solution that eventually worked for me (Win 8.1 64 bit, Chrome or Firefox or IE), in case it helps. I'm not sure all these steps are necessary - there are a lot of permutations involved and I have only tried a few. Replacing my old StartSSL certificate and reinstalling Java both seem to be necessary though.

• Copy the four files with names beginning "ssl." from the root of your site (the one you use for webmin and File Manager) to a backup location, in case you want to restore the old certificate (I used WinSCP because file manager was broken). The private key in particular is a pain to lose.
• Generate a CSR for a new certificate (Virtualmin > Server Configuration > Manage SSL Certificate > Create Signing Request).
• Order a new Comodo PositiveSSL certificate from http://namecheap.com, $9/year. Use the CSR to generate an "Apache" certificate. Download the CA certificate bundle as well.
• Install the new certificate and the CA certificate bundle using Virtualmin. Press the "Copy to Webmin" button underneath (easy to forget).
• Uninstall all old version(s) of Java from your PC control panel and reboot.
• Open a browser such as Chrome and clear the browser cache (or use incognito mode) and browse to File Manager. You will be prompted to install Java (32 bit). At the moment I no longer have the 64 bit version installed.
• The first time you try to access File Manager you will get a warning - accept it.
• Open the Java Control Panel from control panel and click the Security tab. Add your site to the exception site list if it's not there already - it should look something like https://myserver.mydomain.com:10000. I didn't have to relax any of the other security settings in Java.

You should now be able to open File Manager from the latest versions of IE, Chrome, Firefox or Safari with no warnings. You sometimes get a blank screen for several seconds - be patient.

Hope this helps. Apologies if I've missed anything or glossed over details I can't remember.

Update: I discovered that one more tweak is necessary to get this working on Mac OSX (Yosemite with 64 bit Java, viewed with Safari or Chrome). If you don't do this it works the first time you access File Manager but not subsequently. Bizarre.

• Open the Java Control Panel in System Preferences, select the "Advanced" tab and under "Perform TLS certificate revocation checks on" select the option "Do not check (not recommended)".

Also it doesn't always seem to be necessary to clear the browser or Java cache when testing changes, but it is necessary to completely close and re-open the browser.

[UCAS]

What worked for me was simply to delete all Java temporary files from the Java control panel applet. It still complains about the server cert unless I add it to the store (CA is untrusted it seems), but I only have to click "continue".

[Phil McKerracher]

The recent Chrome update has broken it again, maybe permanently, see http://www.theregister.co.uk/2015/04/14/google_java_chrome_42/

[Nick Meisher]

Here is a quote from JAVA website below regarding how to get JAVA working on Chrome Version 42

[ https://java.com/en/download/faq/chrome.xml ]

NPAPI support by Chrome
As of April 2015, starting with Chrome Version 42, Google has added an additional (three) steps to configuring NPAPI based plugins like Java to run :

1. In your URL bar, enter: chrome://flags/#enable-npapi
2. Click the Enable link for the Enable NPAPI configuration option.
3. Click the Relaunch button that now appears at the bottom of the configuration page.

[klaipedaville]

I carefully followed what was written here, thank you Phill for sharing. However, I seem to be having quite an interesting issue which is very similar to this one. I have been using Comodo certs for a long time without any problems but for the last couple of months there is a constant security warning that I have to click through in order to get to Webmin's File Manager. Webmin 1.750. Java is version 8 update 45 (build 1.8.0_45-b15) and it's run on Windows 8.

That's how it appears. First, when I restore all Java prompts, I get the message that the publisher name is verified and the digital signature for this application was generated with a certificate from a trusted authority. This is just a regular message when you click on "more information". The applet is started, everything works fine up to this moment. Then when I press "run" that is to actually run the applet with the File Manager I instantly get another message that already says, "The publisher name is unknown. There is no digital signature for this application." When a half of a second earlier it said just the contrary! Now in order to get to the File Manager I always have to click through this security warning message. Anybody has any ideas what's going on? It happens on all the major latest browsers such as FF, IE, Chrome, Opera, and Safari. I tried completely re-installing Java, browsers' and Java's caches cleaned / uncleaned but no joy. I even tried it on completely new computers that nobody has ever touched at all but the results are absolutely the same, that is this security warning is always there to click through anyway. I of course tried it with and without the exception sites list but still no dice either.

The only thing I could realize is that the only trouble when that could happen is when the CA root / intermediate certs are not in your keystore when the applet /.jar is signed but then again if it had not been signed with the CA added then it would have never worked at all in the first place which is not the case here because it always says in my first message that the publisher is verified and it is signed by a trusted authority. I am totally clueless... Would appreciate any comments / assistance / advices.. anything at all. Many thanks!

[klaipedaville]

Update. Here is my case specifics. Hope it will help someone and save on time and efforts.

There are these three Java latest updates. Java 8u31, Java 8u40, and Java 8u45 with the 45-th (java 8 update 45) being the very latest one that is also currently being advised to be used by Java. Now the Webmin's 1.750 File Manager SSL install that is run on Windows 8, 64 bit can only be used with Java 8u31. The other two latest Java updates (8u40 and 8u45) spill out security warning errors even if your applets are signed using certificates by any trusted CAs such as Comodo for example.

There is another suggestion that Windows' update KB2918614 broke some "stuff" inside Windows and removing that update and re-booting could allegedly solve extra issues you might be having in this regard.

As for me I have by now even personally reached the point of starting to drop Java support simply everywhere, on all my machines, servers, computers, applications and so on for endless headache and countless trouble it creates, let alone its 3 billion vulnerabilities and bugs it has.

[Phil McKerracher]

I agree - Java is seriously broken and is now blocked in Chrome anyway. I've stopped using File Manager for now. I believe there's a rewrite in progress but that's a huge job. I'm using WinSCP instead - it needs to be tweaked with a few "custom commands" but it works.

[klaipedaville]

The latest Java update (8u45) is working fine in Chrome in my case = Chrome 43.0.2357.81 + Windows 8, 64 bit + Webmin 1.750 SSL install. The only problem I had was Java spiting out this security warning. Then if clicked through the error it was all OK until the next session.

Unfortunately, I've also stopped using File Manager for now. WinSCP is used as a back up / substitute instead. The idea of having the only piece of software (Webmin) that runs it all under one "roof" was simply perfect in my opinion.

Hope this File Manager's rewrite in HTML5 + JavaScript will come into action soon.

[Jamie Cameron]

Yeah, the future is HTML5 - see https://github.com/Real-Gecko/filemin

[klaipedaville]

Hey, someone outran you, Jamie. Filemin's creator is much of advance of you as this module (new File Manager, not Java-applets based) was created a year ago as far as I understand and it's being actually tried and tested. I will try to install it now and join them all in testing. Thank you for sharing the link!