|Applies To||RSA BSAFE SSL-J|
RSA BSAFE Cert-J
|Issue||How to perform client-side SSL authentication with a Java applet|
Do Internet Explorer SSL client certificates work with Java plugins and applets?
A Java applet is unable to access private keys and certificates stored on a local machine
|Cause||The Java sandbox security limits the ability of a Java applet running in a browser access to local files.|
|Resolution||Reducing the level of security provided by the sandbox (normally from configuration options within the browser) can be extremely dangerous, since it opens up the ability to have hackers place 'Trojan Horse' attacks on your end-user machine.|
An obvious consideration is whether the applet would be able to access the Crypto Service Provider within Microsoft IE, the RSA BSAFE Java toolkits do not assist in this functionality.
A Java application needs to be code-signed to allow it permission to carry out what may be considered a 'dangerous operation'. In this specific instance, the operation that is required is for the applet to read a private key (and associated certificate) from the local file store on the computer.
More in-depth reading should also be carried out about the Java security model. A useful FAQ note (with links) is provided by RSA Security.
|Legacy Article ID||a4104|