Home > Uncategorized > Scary Security Warnings

Scary Security Warnings

November 13th, 2013

Since Java 7 update 40 (or so), users have been getting scary security warnings with red text of the following form:

security warning

This is part of a new initiative by Oracle to increase the security of Java in the browser and cannot be disabled or dismissed (they removed the “don’t ask again” option). Starting with the January 2014 Java update, it will no longer be possible to run code that is not signed with a certificate issued by a recognized certificate authority.

Sonic Message Manager is free and I would like to keep it free. Since these certificates cost several hundred US$/year, I will probably change the distribution model away from Java Web Start and towards a more traditional “installer” based model. Suggestions on how to deal with this are welcome in the comments or by email.


  1. skin27
    November 14th, 2013 at 19:42 | #1

    Funny that software that’s installs a toolbar, is so strict about security. Webstart (especially for nightlies) is convenient. Don’t know if would be sufficient, but you may try a free certificate service (http://www.startssl.com/?app=1). Otherwise you could implement a (silent) installer like Firefox or Chrome have.

  2. November 20th, 2013 at 16:28 | #2

    Unfortunately, the free certificates from StartSSL won’t work. I’m using them already for several SSL-enabled websites I run. Code signing is not available with those certificates. Not even their paid certificates will do. Since they are not trusted by the Java VM as a root CA, users would have to install a new certificate for the warning to go away.

Comments are closed.