Certificate of JNLPAppletLauncher

Hi i was looking to deploy an applet using JOGl, the webpage starts the applet using the JNLPAppletLauncher from applet-launcher.jar int the /deployment/webstart directory. When i load my applet i am first prompted to accept the main certificate which is fine, but i am also warned that the certificate for JNLPAppletLauncher has expired.

Certifacte details:
  Version: V3
  Serial Number: 260553189
  Publisher: PN: Project Jogamp

The email address in the subject field is of michael bein.

Would it be possible to have this certificate updated?

Additionally i was wondering why the main certificate identifies Sven Gothel as the publisher rather than Jogamp? (PS, i do realize that Sven is a/the major contributor) Personally i would prefer that Jogamp was the publisher (no offense Sven). I think some users may find a certificate identified as that of an individual somewhat suspicious. I know the certificate is verified but end users may not understand this.

Thanks in advance, both for any assistance and for JOGL libs (I'm quite impressed).

On 07/04/2012 08:22 AM, Adrian [via jogamp] wrote: jogamp.org/deployment/webstart/jar/applet-launcher.jar:

> cd jogamp.org/deployment
> ls -l
   webstart -> v2.0-rc9
> cd webstart/jar
> jarsigner -verify -verbose -certs applet-launcher.jar

        1864 Wed Jun 20 08:30:52 CEST 2012 META-INF/MANIFEST.MF
        1730 Wed Jun 20 08:30:54 CEST 2012 META-INF/JOGAMP03.SF
        3779 Wed Jun 20 08:30:54 CEST 2012 META-INF/JOGAMP03.RSA
           0 Sat Sep 17 19:42:24 CEST 2011 META-INF/
           0 Sat Sep 10 16:19:36 CEST 2011 org/
           0 Sat Sep 10 16:19:36 CEST 2011 org/jdesktop/
           0 Sat Sep 10 16:19:36 CEST 2011 org/jdesktop/applet/
           0 Sat Sep 10 16:19:36 CEST 2011 org/jdesktop/applet/util/
sm      3906 Sat Sep 10 16:19:36 CEST 2011 org/COPYRIGHT.txt

      X.509, CN=Sven Gothel, OU=Individual Developer, O=No Organization Affiliation, L=Bremerhaven, ST=Bremen, C=DE
      [certificate is valid from 2/10/12 1:00 AM to 2/10/14 12:59 AM]
      X.509, CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
      [certificate is valid from 2/8/10 1:00 AM to 2/8/20 12:59 AM]
      [KeyUsage extension does not support code signing]
      X.509, CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
      [certificate is valid from 11/17/06 1:00 AM to 7/17/36 1:59 AM]
      [KeyUsage extension does not support code signing]

      ... etc

so I assume your 'cache' is not updated for whatever reason.

Do: 'javaws -uninstall'

> Additionally i was wondering why the main certificate identifies Sven Gothel
> as the publisher rather than Jogamp? (PS, i do realize that Sven is a/the
> major contributor) Personally i would prefer that Jogamp was the publisher (no
> offense Sven).
No offense ..

I tried to have it as 'jogamp.org community' but it's not possible
since we are not [yet] a foundation or company. Only for those it's
possible to have a cert holder name like that, i.e. it must legally exist.
Hence I could only get the 'individual developer' class ..

> I think some users may find a certificate identified as that of
> an individual somewhat suspicious.
Well .. you can have that opinion, sure.

My motivation showing 'jogamp community' is to give the user
a known name they can associate, since I cannot expect them to
know my name :)

> I know the certificate is verified but end
> users may not understand this.
I don't think this is the case, i.e. the name makes a difference here.

However, if there is anybody out there liking to get into the hurdles
of creating 'The JogAmp Foundation' legally in some country .. we can talk
about that.

>
> Thanks in advance, both for any assistance and for JOGL libs (I'm quite
> impressed).
>
You are very welcome.

~Sven

Sven Gothel wrote

However, if there is anybody out there liking to get into the hurdles
of creating 'The JogAmp Foundation' legally in some country .. we can talk
about that.

We could create a corporate foundation or an association in France if you want, we can plan to do that after Siggraph and the release of the stable major version of JOGL. You can keep the name even for an association, that is what "FSF France" does.

Hi Guys,

Thanks for the prompt response.

It actually wasn't the cache but that pointed me in the right direction. I checked the copy that was being downloaded and sure enough it was the certificate you posted. What was actually going on i found somewhat unexpected...

The location i am running the applet from is on my local file system. My jar sits next to the html page which contains the applet tag. I have a few dependent libs some of ours and some 3rd party ones. Essentially the libs reside in a subdir called lib which also had the jogl libraries (including an older copy of the applet-launcher.jar). This was where i was getting the outdated certificate from. I found this somewhat surprising as i was explicitly including the jogl jars in the archive tag, so i must have just assumed that the local copies were not being used.

Once again thanks and sorry for wasting your time.

Adrian

PS, creating the corporate foundation/association in France sounds like a good approach.