Re: Remove an "Always Trust" permission from OpenJDK/IcedTea Plugin

To: debian-user@lists.debian.org
Subject: Re: Remove an "Always Trust" permission from OpenJDK/IcedTea Plugin
From: Joel Rees <joel.rees@gmail.com>
Date: Fri, 22 Apr 2011 21:19:42 +0900
Message-id: <[🔎] BANLkTimyD3oe72j67RPepLK7RtN3f98rHw@mail.gmail.com>
In-reply-to: <[🔎] 1303135059.2230.21.camel@cobra>
References: <[🔎] 1303117585.2508.16.camel@cobra> <[🔎] BANLkTik2+vEiBqEJ6F5QcKkFzdsw79ahKg@mail.gmail.com> <[🔎] 1303135059.2230.21.camel@cobra>

On Mon, Apr 18, 2011 at 10:57 PM, adris <adris1@t-online.de> wrote:
> Hi,
>
> thanks for the help.
>
> Am Montag, den 18.04.2011, 20:34 +0900 schrieb Joel Rees:
>> On Mon, Apr 18, 2011 at 6:06 PM, adris <adris1@t-online.de> wrote:
>> > Hi,
>> >
>> > how can you undo the permission "Always Trust this Publisher", once you
>> > checked that box for a signed applet in Iceweasel.
>>
>> (Shooting from the hip, here, but, ...) I think the quickest way is to
>> remove the corresponding certificate.
>>
>> You go to the settings item in the edit menu, I don't remember the
>> name of the group in English, but it should be something like
>> miscellaneous or high-level or advanced or something. It's not in the
>> security, contents, program, or privacy group, where you might expect
>> it.

I'm logged into an English session now and here's where it is:

Edit menu -> Preferences -> Advanced -> (button) View Certificates

There also buttons there for revocation lists and validation, which
you might be interested in, and security devices.

> I also first thought that this certificate got installed in Iceaweasel,
> but I did not find it listed among all the available options.

You say options, does that mean you did or did not find the browser
certificate store dialog?

(I'm trying to remember the pseudo-url for getting at the browser's
settings that it doesn't expose via GUI interfaces, and it's not
coming t mind.)

> I just gave it a try and removed the whole ~/.mozilla folder.
> Nevertheless this certificated still seems to be trusted.

Yeah, I'm pretty sure that would not work. Even though the dialog is
the browser's, the certificate store is not. I'm trying to remember
what is where, though and I'm drawing blanks. I hate getting old.

> Therefore I think that the certificate is marked trusted by OpenJDK.
> But I'm unable to find the default keystore.

Have you tried installing the openJDK Policy Tool (GUI) and/or
Monitoring and Management Console (JConsole)?

> It should be possible to add and remove trusted certificates with the
> keytool command, but I have to specify the keystore.
>
> Any idea where OpenJDK might have it's default keystore?
> Or am I looking the wrong way at that problem?

I think the policy tool can tell you what it's using. Then again, I
thnk the command line policy tool should use the default if it's going
to use the default.

Gnome has its own keystore, for what it's worth.

Sorry I'm not much help today.

Reply to:

Follow-Ups:
- Re: Remove an "Always Trust" permission from OpenJDK/IcedTea Plugin
  - From: adris <adris1@t-online.de>

References:
- Remove an "Always Trust" permission from OpenJDK/IcedTea Plugin
  - From: adris <adris1@t-online.de>
- Re: Remove an "Always Trust" permission from OpenJDK/IcedTea Plugin
  - From: Joel Rees <joel.rees@gmail.com>
- Re: Remove an "Always Trust" permission from OpenJDK/IcedTea Plugin
  - From: adris <adris1@t-online.de>

Prev by Date: Re: pci 0000:01:00.0: BAR 6: no parent found for of device [0xfffe0000-0xffffffff]
Next by Date: Re: firefox & gimp buttons missing - gtk issue?
Previous by thread: Re: Remove an "Always Trust" permission from OpenJDK/IcedTea Plugin
Next by thread: Re: Remove an "Always Trust" permission from OpenJDK/IcedTea Plugin
Index(es):
- Date
- Thread