NoMachine Support

Your questions answered

Knowledge Base

Searching in: Articles & FAQs
Filter the search results
Applies to:
Last update:
Searching in: Articles & FAQs
ID: AR10K00708
Applies to: NX Server Products
Added on: 2013-10-08
Last update: 2013-10-21
How to sign the Web Companion applet by using your own certificate

The NoMachine Web Companion, as well as NX Web Companion 3.5.0, contains a signed Java applet used to download the required client components ('plugin')  and the session information. 

NoMachine provides a self-signed applet. Customers using the Web Companion tool are invited to secure the applet by using their own signed certificate.

You can find below some instructions for generating your own certificate to sign the Java applet by using the Java JAR Signer tool available from http://java.sun.com

JAR Signer is a command line tool for signing and verifying the signature on JAR files. JAR Signer is used to make a signed copy of a SignedApplet.jar file:

jarsigner -keystore compstore -storepass ab987c
                 -keypass kpi135 -signedjar
                 SSignedApplet.jar SignedApplet.jar signFiles

The -storepass ab987c and -keystore compstore options specify the keystore database and password where the private key for signing the JAR file is stored. The -keypass kpi135 option is the password to the private key, SSignedApplet.jar is the name of the signed JAR file, and signFiles is the alias to the private key.  JAR Signer extracts the certificate from the keystore whose entry is signFiles and attaches it to the generated signature of the signed JAR file.

We recommend to also read the documentation on the java sun homepage.

 

How to not show Java popup "the application contains both signed and unsigned code"

From the Java official documentation, http://docs.oracle.com/javase/6/docs/technotes/guides/jweb/mixed_code.html:

"As of the Java SE 6 Update 19 release (or later), when a program contains both signed and unsigned components, a warning dialog is raised."

The same article provide instructions for deploying signed applications and applets securerly without a mixed code warning.

Basically, it's necessary to specify Trusted-Library: true in the manifest file.

1. In the plugin/Java directory create a text file containing "Trusted-Library: true":

 # touch trustlib.txt && echo "Trusted-Library: true" > trustlib.txt

2. Edit manifest file:

# jar ufvm nxapplet.jar trustlib.txt

3. Sign the applet again using keytool and jarsigner.