SEZ SEZ Online Manual-

DSC Signing with Java Applet

V Version 1.0
ersion 1.0
 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

Table of Contents

1 Introduction .................................................................................................................................................2
2 DSC signing functionality with java applet ...................................................................................................2
3 Troubleshooting ...........................................................................................................................................5
4 Annexure I: JAVA Console Setting ............................................................................................................. 13
5 Annexure II: Installation of JRE ................................................................................................................. 17

SEZ Online Manual Page 1

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

1 INTRODUCTION
SEZ Online system [SOS] enables entity users (SEZ units/ Developers/ Co developers) to
submit their various applications, customs transactions & compliance reports to DC’s office
in electronic form. As these applications and transactions consists of critical and confidential
information, the SOS requires all the entity users to submit / DC users to process these
applications/transactions after signing them with Digital Signature Certificate [DSC] for
security reasons. These electronic requests are processed and approved by the DC’s office
online.
This functionality uses the windows component i.e Capicom.dll. Since this is not compatible
with 64 bit Operating system, this functionality fails for those users who use 64 bit
Operating system. Also Microsoft stopped shipping CAPICOM in its new OS version’s by
default. Hence to provide support to the users who are having 64 bit operating system, a
new functionality has been introduced for digitally signing with Java Applet.

2 DSC SIGNING FUNCTIONALITY WITH JAVA APPLET

The pre requisite for signing with Java applet, Java runtime Environment [JRE] should be
installed on Client’s machine.
The following Security Warnings [pop ups] occur while signing using Java Applet DSC Signer:

Warning 1: If JRE is not installed on client’s machine, the below mentioned warning is
displayed on confirmation screen.

SEZ Online Manual Page 2

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

On click of “OK” button, it will redirect to official Java web site to install JRE.
The complete Installation Process is explained in the section “Annexure II”.
After successful installation, Java Console Settings need to be performed.
The Java Console settings are explained in the section “Annexure I”.

Warning 2: After successful installation and Java Console settings, when user opens the
confirmation screen for signing and submitting request, the following warning is displayed:

SEZ Online Manual Page 3

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

Click on the checkbox “I accept the risk and want to run the application”, the “certificate
selector” window will be displayed. Select the valid digital certificate and click on “OK”. The
request will be signed and submitted successfully.

SEZ Online Manual Page 4

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

3 TROUBLESHOOTING
While submitting the applications with digital signature using Java applet, you may encounter
certain errors related to Digital signature. The list of probable errors with the standard solutions is
enlisted below:

(i) Error
“Block potentially unsafe components from being run”
Message:

Error Screen:

Solution 1: Click on “Don’t Block”, it will process the application.

Solution 2: In Java console settings, in Mixed code (sandboxed vs. trusted) security
verification sections, enable the property “Enable – hide warning and run with
protections”

SEZ Online Manual Page 5

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

(ii) Error “Verification Status Failed Reason: Problem in Base64 decoding the Signature
Message: data. Please check if the supplied signature data is in Base64 encoded string”

Error Screen:

Solution:  Check if the CRL is imported in the proper CRL folder in Cert Manager
 Check if the CRL chain is maintained properly.
 Check for the expiry dates
User need to email to [email protected] with the following details:
Name of Certifying Authority [CA]
Screen shot of Trusted Root Certificate Information from
contentCertificate,
Screen shots of General Tab, Details Tab and Certification Path from
View Certificate

When user clicks on “Cancel” button of confirmation screen, the above

security warning is displayed. Click on “Run” button of the “Security Warning”
screen.

SEZ Online Manual Page 6

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

(iii) Error
“signing failed due to no data to sign”
Message:

Error Screen:

Solution: 1. Please ensure that you are browsing from 64 bit IE browser if your machine is
64 bit. Refer section 5 to check IE browser bit
2. Please ensure that your java version is greater than JRE1.6. Below is the way
to check that: Control Panel -> Java -> Java tab -> Platform or Product.
Refer section 5 to install JRE.
3. Contact administrator with IE browser bit and JRE version you collected from
above steps.

SEZ Online Manual Page 7

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

(iv) Error
“IESSApplet Class not found” exception
Message:

Error Screen:

Solution: 1. Please ensure that you are browsing from 64bit IE browser if your machine
is 64bit.
2. Please ensure that you java version is greater than JRE1.6. Below is the way
to check that: Control Panel -> Java -> Java tab -> Platform or Product
3. Try to remove cached entries
i. Go to Control Panel ->

ii. Click on Java

iii. Go to General Tab in Java Control Panel window.

iv. Click on View button.

v. Select “Applications” in show dropdown and select all items

displayed in grid and delete using remove button.

SEZ Online Manual Page 8

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

4. Visit SEZOnline and try again, if problem still persists, contact

administrator with IE browser bit and JRE version you collected from
above steps.

(v) Error
“Application blocked by Java Security”
Message:

Error Screen:

SEZ Online Manual Page 9

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

Solution:  Go to Control panel

 Click on Java (32-bit) >> Java Control panel >> Security tab >> Exception site
list
 Click on “Edit site list” button >> click on “Add” button >> enter the URL >>
Save the details by clicking on “Add”

(vi) Error
“Certificate Serial number invalid”
Message:

Error Screen:

Solution:  Login as Admin user

 Go to Administration -> Maintain Unit Users
 Search for the User to whom DSC supposed to map
 Click on Edit
 Check whether the serial number entered is same as the DSC serial
number

To check Serial Number, Go to

Tools—>Internet Options—>Content—>Certificates—>Personal
Select the certificate and click on the View button and go to Details Tab.

SEZ Online Manual Page 10

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

(vii) Error
“Certifying Authority not supported by system”
Message:

Error Screen:

Solution:  Check whether the Certifying Authority name is matching with the users
DSC Issued by name selected by user.

SEZ Online Manual Page 11

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

Note: If the certifying Authority is not present in the available list of CA, email
to [email protected] with dummy certificate.

(viii) Error “Cannot Sign the Data. No certificate information registered with the
Message: System”

Error Screen:

Solution:  Login as Admin user

 Go to Administration -> Maintain Unit Users
 Search for the User to whom DSC supposed to map
 Click on Edit
 Check the Add DSC Check box
 Add the Serial Number of DSC
 Select the appropriate Certifying Authority and Save.

(ix) Error
“The Certificate Store does not contain any certificate”
Message:

SEZ Online Manual Page 12

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

Error Screen:

Solution 1: Check whether the certificate has been expired.

To check:
Go to Tools—>Internet Options—>Content—>Certificates—>Personal—select
the certificate and click on the view button. In General details tab, you will find
the Validity Period of the certificate.
Solution 2: Check whether the related certificate is imported/installed in the browser or
not. If Not, then import the certificate in the browser or installed the token
based DSC.

(x) Error
“The Certificate Store does not contain any certificate”
Message:

SEZ Online Manual Page 13

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

Error Screen:

Solution 1: Check whether the certificate has been expired.

To check:
Go to Tools—>Internet Options—>Content—>Certificates—>Personal—select
the certificate and click on the view button. In General details tab, you will find
the Validity Period of the certificate.
Solution 2: Check whether the related certificate is imported/installed in the browser or
not. If Not, then import the certificate in the browser or installed the token
based DSC.

4 ANNEXURE I: JAVA CONSOLE SETTING

Advanced Tab Settings for JRE 1.8_60:
i. Go to Control Panel

ii. Click on Java

iii. Go to Advanced tab and update the settings as below

SEZ Online Manual Page 14

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

Un
Properties: Checked
Checked

Debugging Enable Tracing  

Enable Logging  
Show applet lifecycle exceptions  
Java Console Show Console  
Hide Console  
Do not Start Console  
Default Java for Microsoft Internet Explorer  
Browsers
Mozilla family  
Shortcut creation Always allow  
Always allow if hinted  
Prompt User  
Prompt user if hinted  
Never allow  
JNLP File / MIME Always allow  
Association
Prompt user  
Never allow  

SEZ Online Manual Page 15

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

Application Install if hinted  

Installation
Install if shortcut created  
Install if hinted and shortcut  
Never install  
Secure Execution Allow user to grant permission to signed content  
Environment
Show sandbox warning banner  
Allow user to accept JNLP security requests  
Don’t prompt for client certificate selection when no  
certificates or only one exists

Warn if site certificate does not match hostname  

Show site certificate from server even if it is valid  
Mixed code Enable – show warning if needed  
(sandboxed vs.
trusted) security Enable – hide warning and run with protections  
verification
Enable – hide warning and don’t run untrusted code  
Disable verification (not recommended)  
Perform signed Publisher’s certificate only  
code certificate
revocation checks All certificates in the chain of trust  
on
Do not check (not recommended)  

SEZ Online Manual Page 16

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

Check for certificate Certificate Revocation Lists (CRLs)  

revocation using
Online Certificate Status Protocol (OCSP)  
Both CRLs and OCSP  
Advanced Security Enable the operating system’s restricted environment (native  
Settings sandbox)

Use certificates and keys in browsers keystore  

Enable blacklist revocation check  
Enable caching password for authentication  
Use SSL 2.0 compatible ClientHello format  
Use TLS 1.0  
Use TLS 1.1  
Use TLS 1.2  
Miscellaneous Store user settings in the roaming profile  
Place Java icon in system tray  
Java Quick Starter  

5 ANNEXURE II: INSTALLATION OF JRE

Java Applet functionality is applicable to 64 bit windows operating system only. For 32 bit
windows operating system “CAPICOM” functionality will work. In case of 64 bit OS, Java

SEZ Online Manual Page 17

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet
Runtime Environment [JRE] with 32 bit version should be installed irrespective of the
Internet Explorer bit versions.

Windows Internet Explorer

Case Functionality JRE bit version
bit version bit version
1 32 32 CAPICOM Not applicable
2 64 32 CAPICOM Not applicable
3 64 64 Java Applet 32

 To identify the bit version of the Operating system: Go to Control panel  System

 To identify the bit version of the Internet Explorer :

Open Internet Explorer  Help  About Internet Explorer

SEZ Online Manual Page 18

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

 JRE setup files can be download from below mentioned official web site:
o Go to
http://www.oracle.com/technetwork/java/javase/downloads/index.html
o Click on JRE Download

o Accept License Agreement and download offline executable of 32 bit JRE

version where “Product / File Description” is “Windows x86 offline”

SEZ Online Manual Page 19

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

 Installation Steps:
Step 1: Download the files from above mentioned link or the setup files which are enclosed
in the above table 1. Double click on the setup [.exe] file, installation will start.

Step 2: Click on Install button

SEZ Online Manual Page 20

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

Step 3: After Successful message, click on Close button. It will redirect to Java web site for
Verification of Java installation as shown below. Click on “Verify Java Version”

SEZ Online Manual Page 21

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet

SEZ Online Manual Page 22

 NSDL DATABASE MANAGEMENT LTD. DSC Signing with Java Applet
Confirmation about the Java installation will be displayed as shown above.
You can verify the Java version from Control Panel as follows: Go to Control Panel  Java
 Java Tab  View Button

SEZ Online Manual Page 23