Signing Applets and Web Start Applications

The security configuration for Java™ 7 running in a browser has changed.

The default security configuration for Java 7 running in a browser changed significantly in the January 2014 CPU (Oracle 7u51, IBM® 7 SR6-FP1).

When you run in these Java environments:

All Applets and Web Start applications must be signed with a certificate from a trusted authority. Self-signed certificates are not accepted.
All JARS must have the Permissions attribute set in the JAR Manifest.

The ctgclient.jar file that is included in CICS® TG has the Permissions attribute set and is signed with trusted CA certificates from Symantec:

Symantec Root CA for all SSL and Code Signing products enrolled after October 10, 2010.
Symantec Intermediate CA Certificates: Code Signing Certificate

Any other JARs running as part of Applets and Web Start applications also need to have the Permissions attribute set in the JAR Manifest and be signed with a certificate from a trusted authority.