JDK-6381630 : New certificate warning with 5.0U6 flags certs as invalid instead of untrusted
  • Type: Bug
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 5.0u6
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2006-02-06
  • Updated: 2010-04-08
  • Resolved: 2006-02-25
Versions:
  • Other: 5.0u7 b02 (Fixed)
  • JDK 6: 6 (Fixed)
Description
The new security enhancement done for JVM 5.0U6 regarding the change in the warning message for certificates is causing concern and issues for customers.

This new message now states that if a certificate is untrusted it is now flagged as invalid. This wording is causing problems for customers using self-signed certificates, as the cert is not technically invalid but rather untrusted. This was changed in update 6.

The customer is requesting that this be changed.  They do not disagree that the warning should be scarier or that we are making security enhancements, but they would rather the wording reflect the true nature of why it is being flagged and not a blanket "invalid" certificate message.
The customer is complaining about the text in our security dialog box for an untrusted server certificate, in which we state:
"The web site's certificate is invalid.  Do you want to continue?"

We are going to change to:
"The web site's certificate cannot be verified.  Do you want to continue?"

Comments
EVALUATION We are going to change the text in the security warning dialog box from "is invalid" to "cannot be verified" for both untrusted server certificates and untrusted code signing certificates. This change will be in the 5.0u7 and Mustang releases. See attached image for more details.
08-02-2006

EVALUATION We are working on it and will put some "friendly" words in the security warning dialog box; this will be changed in the 5.0u7 and Mustang releases.
06-02-2006