Java applet still getting security error after signing jar

Question

I'm really floundering here. I got an old applet dumped on me and was told to make the security error go away for people with Java version 7 installed. I got a code signing certificate from GoDaddy.com and signed the jar with it. I then placed the new applet on the unix server where it is used by a cgi web page (apache web server).

Now I am getting an error saying 'Missing require Permissions manifest attribute in main jar: [server url]/factorportal.jar.

I know next to nothing about java, applets, jars and very little about certificates. Can anyone spoon feed me through what I still need to do to get this applet to run without errors? My Google searches have turned up only partial and very confusing information. My unfamiliarity with the process is most likely my problem.

Answer 1

Since 7u25 you need Permissions: sandbox in the META-INF/MANIFEST.MF file (added with the m option of the jar command line utility). Here's an Oracle blog on the subject. It's there so that the jar can have its origin verified without raising privileges. Traditionally Java conflated verified origin with trust.