Java update 7u51 Web Start Security update workaround

The new Java update on January, the 14th won´t make your applets work unless you get them signed from a certificate Authority. However you might just make a workaround if you can make your users import your own certificate.

The steps to follow are:

1. In every jar edit the MANIFEST.MF file. The “Permissions” attribute must be provided. To grant all the permissions add the following line:
Permissions: all-permissions

2. Edit the java web start file (*.jnlp). Although the latest documentation says it´s no longer necessary to include the security tag, to make it work with your self-signed jars the element must be included. For example, if you set “all-permissions” in the manifest, in the jnlp file you must insert:


The “Codebase” attribute in the jnlp file must match the hosting server name including the port number (ex. http://localhost:8080/”).
Once you have packed all the jars, you can sign them with your own keystore. The steps to execute are the following:

3.Make a new keystore (ex. “demoStore”) with an alias (ex. “demoAlias”):
keytool -keystore demoStore -genkey -alias demoAlias
It will ask to insert some information (name, firm, country, etc.)

4.Make a self-signed certificate (valid for 3650 days):
keytool -selfcert -alias demoAlias -genkey -keystore demoStore -validity 3650

5.Sign all the jars like:
jarsigner -keystore demoStore FileName.jar demoAlias
After running the command, the console will display ”The signer certificate will expire in six months”.

6.Export the keystore certificate:
keytool -export –keystore demoStore -alias demoAlias -file demoStore.csr

7.Import the self-signed certificate.
In MS Windows you need import certificate. Open the Java Control Panel , navigate to Security -> Manage Certificates, select Certificate Type: Signer CA  and import the new *.csr (ex. demoStore.csr) certificate.
Now you can run you Java Web Start application without warnings. You should see the following dialog :