Java plugin don't ask for certificate
For one site (a bank), java plugin throws a security exception, instead of asking confirm to certificate.
Operating system: SunOS 5.11 snv_151a i86pc i386 i86pc
Firefox 3.6.13 (same result on 3.6.10)
Steps I use to reproduce: open: "http://www.danskebank.dk/da-dk/privat/netbank/pages/netbank.aspx"
select: "Log-on" (top right) and "Netbank (NemID)"
Expected: Window with Certification confirmation (danid.dk)
Actual: Security Exception
On other version of firefox (3.6.2) and os (Windows Vista), I get expected result.
Is it a bug, and if so is it a bug in firefox or java (my operating system version, of course)?
You can try to clear the Java cache.
- http://www.java.com/en/download/help/5000020300.xml - How do I clear the Java cache? - 1.5.0, 6.0
Thank you - yes, this have suggested with some similar problems. In this case, however it changes nothing.
Have tried: - java cache - firefox cache - update java and plugin (22 -> 23) - update firefox (6.10 -> 6.13)
Still no luck
What kind of security exception do you get?
The site is verified by a VeriSign Class 3 Secure Server CA - G2 certificate that links to a build-in VeriSign root certificate.
You can try to remove the stored intermediate certificates from VeriSign in Certificate Manager.
- Edit > Preferences > Advanced > Encryption: Certificates > View Certificates : Authorities
The stored intermediate certificates as "Software Security device" and the build-in root certificates show as "Builtin Object Token". Don't remove the latter.
Rename (or delete) the file cert8.db (cert8.db.old) in the Profile Folder to remove all intermediate certificates that Firefox has stored by visiting secure websites.
The exception is "java.lang.SecurityException: attempted to open sandboxed jar https://applet.danid.dk/bootapplet/634291738804295661 as Trusted-Only" (full stacktrace under "More system Details")
Well, I am not sure if I got it right, but:
Deleted all with "Software Security Device" Closed firefox, deleted cert8.db. Open firefox and try - same result. Check certificates : VeriSign G2 and G3 have been added under Software (without confirmation)??
I had saved a restricted java.policy file (for development purposes) under my home directory. Deleting it solves this issue in my case.