000026050 - How to perform client-side SSL authentication with a Java applet

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000026050
IssueHow to perform client-side SSL authentication with a Java applet
Do Internet Explorer SSL client certificates work with Java plugins and applets?
A Java applet is unable to access private keys and certificates stored on a local machine
CauseThe Java sandbox security limits the ability of a Java applet running in a browser access to local files.  
ResolutionReducing the level of security provided by the sandbox (normally from configuration options within the browser) can be extremely dangerous, since it opens up the ability to have hackers place 'Trojan Horse' attacks on your end-user machine.

An obvious consideration is whether the applet would be able to access the Crypto Service Provider within Microsoft IE, the RSA BSAFE Java toolkits do not assist in this functionality.

A Java application needs to be code-signed to allow it permission to carry out what may be considered a 'dangerous operation'.  In this specific instance, the operation that is required is for the applet to read a private key (and associated certificate) from the local file store on the computer.

More in-depth reading should also be carried out about the Java security model.  A useful FAQ note (with links) is provided by RSA Security.
Legacy Article IDa4104