Question

I have done quite a bit of searching around for a solution to this problem and the more I look into this the more complex the problem gets. I'm convinced I'm missing something; it can't be this difficult to get an already existing Java applet onto a website.

I have currently created a simple Applet, compiled it into a .jar file and included the simple HTML markup for it.

<html>
<body>

<applet code=myApplet.class
        archive="myApplet.jar"
        width=400 height=700>
</applet>

</body>
</html>

This begins to load, which implies that it's working, but then I get warnings and security errors that absolutely will not allow the applet to play.

Further research suggests that the applet must be signed first; this is where I am struggling.

Questions

  • How is signing an applet making it any safer? If I am able to sign this applet and make it usable, how is signing a malicious program any harder than signing a game?
  • Where can I find a copy of "signtool" (apparently required to sign applets)? How do you use it?
  • What is an RSA certificate and how do I obtain one?
  • What is a keystore?

I'm basically looking for an existing step-by-step process to get through making a VERY basic applet, and posting it online so that it is viewable to anybody.

The security process is daunting and confusing and I'm not entirely certain how to sign an application.

Oracle's explanation mentions that the process requires "signtool" and links to a site that doesn't mention it and I can't find it. Furthermore, I'm not entirely certain this is even necessary.


Solution

  1. The signature provides the user with information about who the source of the JAR is and confidence that it hasn't been tampered with. That being said, a self-signed JAR is not really any more secure than an unsigned JAR.

  2. You can find jarsigner in the bin directory of your JDK.

  3. That's a pretty broad question and more applicable to the security site than Stack Overflow. Try searching on https://security.stackexchange.com/

  4. It's a file that contains public keys, private keys, and certificate chains. Keystores are the standard Java method for managing your certificates. For a more in-depth answer, see Wikipedia.
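
The jarsigner and keystore steps from points 2 and 4, scripted as an added example that is not part of the original answer. The keystore file name, alias, certificate DN and the KS_PASS environment variable are assumptions chosen for illustration; myApplet.jar is the JAR from the question.

```shell
#!/bin/sh
# Added example: sign and verify a JAR with the JDK's keytool and jarsigner.
# Assumptions: keystore name, alias and DN are placeholders; the keystore
# password is read from the environment variable KS_PASS (at least six
# characters) so that it does not appear on the command line.

# make_keystore KEYSTORE ALIAS
# Generates an RSA key pair and a self-signed certificate in a new keystore.
make_keystore() {
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=Example Applet Publisher, O=Example, C=US" \
        -keystore "$1" -storepass:env KS_PASS -keypass:env KS_PASS
}

# sign_jar KEYSTORE ALIAS JAR
# Signs the JAR in place with the private key stored under ALIAS; jarsigner
# adds the signature files under META-INF/.
sign_jar() {
    jarsigner -keystore "$1" -storepass:env KS_PASS "$3" "$2"
}

# jar_is_verified JAR
# Succeeds only when jarsigner reports a valid signature. It matches the
# report text rather than the exit status, so a JAR reported as
# "jar is unsigned." is never treated as verified.
jar_is_verified() {
    jarsigner -J-Duser.language=en -verify "$1" 2>&1 | grep -q "jar verified"
}

# Usage, with KS_PASS exported beforehand:
#   make_keystore applet-keystore.p12 applet-key
#   sign_jar applet-keystore.p12 applet-key myApplet.jar
#   jar_is_verified myApplet.jar && echo "signature OK"
```

The certificate created here is self-signed, so the check confirms only that the JAR has not changed since signing; as point 1 of the answer says, it does not vouch for who the signer is.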

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow