Running really old Java Applet

I am a Network Administrator for an ISP and I am testing the ability to use a Linux OS on a work laptop to do what I need to do from a laptop (i.e. when away from my big desktop PC).

I've already got my firewall VPN app working and tested. I already found out about Remuda for remote desktop and that works really well too. I put Zorin OS on this 2012 laptop (core i5 + 8GB). Installed all of my usual apps - except Microsoft Teams of course. No real replacement for that, but I could log in via webpage - not that big of an issue.

Then I come to needing to direct-connect to an old Calix C7 shelf. To do this, I would normally install Java onto a Windows laptop and then enter the java.security file and start disabling a lot of the security checks, such as minimum hash key size (default is 2048-bits and I need it to be 128 or lower for old Calix stuff), disabling hash checks such as AH2 and the like.

Well, I found the java.security file after installing Java via the console (sudo apt javaws) and made similar changes, but I'm still not able to run the applet. I also installed most recently something called: IcedTea Web. It's supposed to be some kind of Java launcher. Went into the Control Panel for it and set it to Low security. STILL cannot open the LaunchIM applet. This applet is required for me to be able to interface with the shelf directly to do certain tasks such as upload a backup file (via ftp software I can download nearly anywhere), see configs, etc. All for the purposes of troubleshooting a shelf that's no longer talking on the network.

Here's the output of the Java Console:

net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not initialize application. The application has not been initialized, for more information execute javaws from the command line.
at java.desktop/net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:823)
at java.desktop/net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:531)
at java.desktop/net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:946
Caused by: net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: A fatal error occurred while trying to verify jars. An exception has been thrown in class JarCertVerifier. Being unable to read the cacerts or trusted.certs files could be a possible cause for this exception.: java.util.zip.ZipException: zip END header not found
at java.desktop/net.sourceforge.jnlp.runtime.JNLPClassLoader.initializeResources(JNLPClassLoader.java:740)
at java.desktop/net.sourceforge.jnlp.runtime.JNLPClassLoader.(JNLPClassLoader.java:337)
at java.desktop/net.sourceforge.jnlp.runtime.JNLPClassLoader.createInstance(JNLPClassLoader.java:420)
at java.desktop/net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:494)
at java.desktop/net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:467)
at java.desktop/net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:815)
... 2 more
net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: Could not initialize application. The application has not been initialized, for more information execute javaws from the command line.
at java.desktop/net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:823)
at java.desktop/net.sourceforge.jnlp.Launcher.launchApplication(Launcher.java:531)
at java.desktop/net.sourceforge.jnlp.Launcher$TgThread.run(Launcher.java:946)
Caused by: net.sourceforge.jnlp.LaunchException: Fatal: Initialization Error: A fatal error occurred while trying to verify jars. An exception has been thrown in class JarCertVerifier. Being unable to read the cacerts or trusted.certs files could be a possible cause for this exception.: java.util.zip.ZipException: zip END header not found
at java.desktop/net.sourceforge.jnlp.runtime.JNLPClassLoader.initializeResources(JNLPClassLoader.java:740)
at java.desktop/net.sourceforge.jnlp.runtime.JNLPClassLoader.(JNLPClassLoader.java:337)
at java.desktop/net.sourceforge.jnlp.runtime.JNLPClassLoader.createInstance(JNLPClassLoader.java:420)
at java.desktop/net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:494)
at java.desktop/net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:467)
at java.desktop/net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:815)
... 2 more

netx: Initialization Error: Could not initialize application. (Fatal: Initialization Error: A fatal error occurred while trying to verify jars. An exception has been thrown in class JarCertVerifier. Being unable to read the cacerts or trusted.certs files could be a possible cause for this exception.: java.util.zip.ZipException: zip END header not found)

Any advice on how to help troubleshoot this issue would be appreciated.

Until I can get this resolved, there's no way I can use a Linux distro to replace my Windows 11 laptop for field work purposes and I'm stuck with a $@#%& group policy forced down from on-high by the company's IT lords. I figured if I had Linux, I would retain 100% control over my laptop and also not have to deal with all the garbage AI ■■■■ that Microslop is forcing down everyone's throats against their will.

Thanks in advance,

The Bearded Retro Guy
It's a bad internet name. It's from when I streamed old games around 2020.

Oh, and also.... YOU'RE WELCOME!! <--- if you get it, you get it.

ca-certs is exacting. If a user installs different versions of the same software, then the kerstore will get mixed up. I Think that is what is happening here.
You would need openjdk-8-jre for what you are trying to run, not Java 11

Once you correct all packages to match versions, you will also need to remember to reset the keystore

sudo apt install --reinstall ca-certificates-java

sudo update-ca-certificates -f

Ok, I found a post on some forum somewhere that dealt with removing ALL traces of Java from my system (Ubuntu based) and verified everything was gone, attempted to run the first command you supplied and got an error that JAVA wasn't found on the system.

Then I ran these:

apt-cache search openjdk-8
sudo apt install openjdk-8-jre

Then I ran the two commands you gave and they ran ok.

I will go and test the Calix app again later on today and report back the results. I do appreciate the assistance in this matter.

Ok, so I just ran into the same problem I originally ran into - which is double-clicking the file named "launchIMS.jnlp" just ended up opening Brave browser with a blank page.

Looking further into the matter again, jnlp stands for Java Network Launch Protocol, so this is apparently why I had installed "IcedTea-Web" in the first place. That program when installed DID connect to the shelf to download the actual Java package. It was the package itself that failed to start and threw the above errors.

So now I'm wondering if I need to re-install IcedTea again, but it has to use the older JAVA version 8 like you said.

The problem with trying to install IcedTea-Web is that it forces an upgrade to Java21 or something and then removing specifically Java21 and suddenly IcedTea-Web is no longer installed, so I'm in a catch-22 situation.

And for the record, stuff like this is why people who don't use Linux are extremely hesitant to make the switch over. I am having to jump through hoops and do all kinds of research to try to arm-wrestle this Linux to do something that is extraordinarily easy to just do in Windows.

From a security standpoint, what you are attempting to do here is prone to failure.
Modern protocols and standards actively prevent what you are trying to do.

And it really boils down to: "Running a really old Java applet".
In this statement, you acknowledge the crux of the problem.

Windows OS is more tolerant of security bypasses and cryptosigning being disabled or modified.
This is not a Linux problem, nor are most users going to run into this kind of issue.

You are trying to run Embedded Legacy software rather than meeting modern security demands.
Your two options are to

• Update to the current standards or
• Run a Windows OS 7 build in VirtualMachinery and operate the legacy software that way.