From: mikevb on
Hi all,

The TL;DR version of below: Where can I buy a certificate suitable for
signing a Java applet? Help!!

The long version:

I have a question regarding signing a Java applet. I've spent a lot of
time researching this, and have only encountered contradictory
information, bad links, and outdated documentation. It's driving me
mad! I hope someone can help...

My situation is this. I need to make slight changes to some Java
applet code (properJavaRDP), and rebuild it ready for deployment. The
original build I have works fine (actually, its performance and
behaviour are very good). However, building it locally results in all
sorts of failures when running as an applet, e.g. security exceptions
when trying to set up the clipboard. Obviously, this code is designed
to be run with better privileges than I'm giving it. So, I expect I
need to sign the applet.

This is where I'm having the problem. I can't find a definitive answer
on what kind of certificate I need for that purpose. Sun's docs (or
all I can find of them using Google,
http://java.sun.com/j2se/1.4.2/docs/guide/plugin/developer_guide/rsa_signing.html
) say:

"RSA certificates may be purchased from a Certificate Authority (CA)
that supports RSA"

However, I can't find a source that says it sells RSA certificates
directly. Some info says that an SSL certificate is OK, some say that
SSL certificates are implemented using RSA and would work, others
again say that SSL and RSA are for different purposes and not
interchangeable... I really can't tell what I should buy. The only
source that says it sells certificates specifically for Java signing
is too expensive:

http://www.verisign.com/code-signing/content-signing-certificates/sun-java/index.html?sl=productdetails

Can anyone clarify this process? What do I need to buy, and where's
the best place to buy it?

Any help much appreciated!

Mike



From: Andrew Thompson on
On Feb 15, 9:20 am, mikevb <fa...(a)fenz.net> wrote:
> ...
> Can anyone clarify this process? What do I need to buy, and where's
> the best place to buy it?

I cannot advise you on a certificate that is verified by a CA, but
there is an alternative. It is possible to create a cert using the
JDK tools. Such a certificate is not verified by a CA, and the
warnings before getting the code are slightly more scary, but as long
as the user will trust you, it will still work.

--
Andrew T.
pscode.org

From: mikevb on
On Feb 15, 12:37 pm, Andrew Thompson <andrewtho...(a)gmail.com> wrote:
> I cannot advise you on a certificate that is verified by a CA, but
> there is an alternative.  It is possible to create a cert using the
> JDK tools.  Such a certificate is not verified by a CA, and the
> warnings before getting the code are slightly more scary, but as long
> as the user will trust you, it will still work.

Thanks Andrew - I'll give that a try and see how I go, but I think
we'll need to get a 'real' certificate sometime soon. Hopefully
someone can provide a recommendation.

Thanks,
Mike

From: Andrew Thompson on
On Feb 15, 11:08 am, mikevb <fa...(a)fenz.net> wrote:
> On Feb 15, 12:37 pm, Andrew Thompson <andrewtho...(a)gmail.com> wrote:
re, self-signing.

> ..I'll give that a try and see how I go,..

If you have an IDE (or otherwise have Ant installed),
you might try playing with one of my webstart API demos.
The FileContents example creates a digital certificate
to sign the code (some forms of which need to be trusted).

You can get the build/source files from the linked .zip at
http://pscode.org/jws/api.html#fs

>..but I think
> we'll need to get a 'real' certificate sometime soon. Hopefully
> someone can provide a recommendation.

That is probably best. A 'self signed' certificate
really does not provide any protection to the end user.

The last time I heard, Thawte was issuing some
'freemail' certificates (for free). I decided not
to use them because the name on the certificate was
'Freemail User' or WTE. I wanted my name and domain
to be on the certificate (and shown to the user, at
time of prompting them to accept the code).

--
Andrew T.
pscode.org

From: Roedy Green on
On Sun, 14 Feb 2010 14:20:56 -0800 (PST), mikevb <falco(a)fenz.net>
wrote, quoted or indirectly quoted someone who said :

>
>The TL;DR version of below: Where can I buy a certificate suitable for
>signing a Java applet? Help!!

See http://mindprod.com/jgloss/certificate.html

Thawte is probably the best place.

See http://mindprod.com/jgloss/selfsignedcertificate.html
if you want to make your own for free.

--
Roedy Green Canadian Mind Products
http://mindprod.com

Nothing has really happened until it has been recorded.
~ Virginia Woolf (born: 1882-01-25 died: 1941-03-28 at age: 59)
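
The self-signing route mentioned in the replies above, as an added example that is not from any poster in this thread or from the linked pscode.org and mindprod.com pages. It assumes a current JDK (`jar`, `keytool`, `jarsigner`) on the PATH; the alias, distinguished name, password and file names are constructed placeholders. The strict check shows why a self-signed JAR still draws warnings: the signature verifies, but the certificate chain does not lead to a trusted CA.

```shell
#!/bin/sh
# Added example: self-sign a JAR with the JDK's own tools, then verify it.
# Alias, DN, password and file names are constructed placeholders.

PASS="demo-Passw0rd"   # constructed; never hard-code a real keystore password

# make_selfsigned_jar DIR: build DIR/demo.jar and sign it with a fresh key.
make_selfsigned_jar() {
    dir=$1
    mkdir -p "$dir/src" || return 1
    echo "constructed sample entry" > "$dir/src/hello.txt"
    jar cf "$dir/demo.jar" -C "$dir/src" . || return 1

    # RSA key pair plus a certificate signed by that same key (no CA involved).
    keytool -genkeypair -alias demo-signer -keyalg RSA -keysize 2048 \
        -validity 90 -dname "CN=Demo Signer, O=Example, C=US" \
        -keystore "$dir/demo.p12" -storetype PKCS12 \
        -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 || return 1

    # Sign every entry in the JAR with the private key under that alias.
    jarsigner -keystore "$dir/demo.p12" -storetype PKCS12 \
        -storepass "$PASS" "$dir/demo.jar" demo-signer >/dev/null 2>&1
}

# integrity_ok JAR: 0 when the signatures over the JAR entries check out.
integrity_ok() {
    LC_ALL=C jarsigner -verify "$1" 2>&1 | grep -q "jar verified"
}

# strict_ok JAR: 0 only when jarsigner raises no severe warning, such as a
# certificate chain that does not lead to a CA in the JDK trust store.
strict_ok() {
    jarsigner -verify -strict "$1" >/dev/null 2>&1
}

# Demo run: sh selfsign.sh demo
if [ "${1:-}" = "demo" ]; then
    work=$(mktemp -d) && make_selfsigned_jar "$work" || exit 1
    integrity_ok "$work/demo.jar" && echo "signature verifies"
    strict_ok "$work/demo.jar" || echo "strict check fails: signer is not CA-verified"
    rm -rf "$work"
fi
```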