
Question on digital certificate

yongsing asked:
In making a trusted applet, what's the difference between using a test certificate and a real one? I think I've read somewhere that in using a test certificate, we can only access the applet on the same machine that it resides on. Am I right? How does the browser know that the certificate is not the real one then?

Also, if I have a couple of JAR files that make up the applet, do I have to sign each one of them with the certificate?

Java Developer
BRONZE EXPERT
Top Expert 2010
Commented:
The main difference between a test certificate and a real one is its credibility.
The purpose of a cert is to validate that you are who you say you are.
As anyone can create a test certificate, a user has no assurance that you are who you say you are.

As far as I know there are no limitations on how a test certificate can be used, and yes, you do need to sign every jar file.

Author

Commented:
>> As far as I know there are no limitations on how a test certificate can be used

Well, not true. I've just read that if you use a test certificate, you have to prepare the browser so that it will recognize the certificate. However, if you use a real one, such as VeriSign, you don't have to. This is because VeriSign's CA certificates are pre-installed on current versions of Netscape and IE, so both browsers know how to handle certificates from VeriSign. Therefore, for each client machine that you want your applet (signed with test certificate) to run in, you have to prepare the browser on it.
Mick Barry, Java Developer

Commented:
I think it depends on the type of digital signature you're using. It is supposedly possible to sign a jar such that no installation is required by the client. I think it's signtool that supports this.

Author

Commented:
According to the URL below, signtool is used for creating test certificates for use on Netscape browsers. We still need to import the certificate into Netscape so that it will recognize applets signed with the certificate.

http://www.suitable.com/CodeSigningCerts.shtml

I would be interested to know if there really is such a tool that can create test certificates for use on Netscape and IE, and without having any installation on the client.
Mick Barry, Java Developer

Commented:
I think it may be possible with the plugin but I'm not sure.
You're right, yongsing. There is no "technical" difference between test certificates and some others.
But if the JVM sees a certificate it does not know, it will ask the user whether he/she will trust this certificate.
I think no one will trust a certificate which is not validated by a root CA (VeriSign, ...).

But there are some services that create a certificate for you for free (web.de).
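
Added example, not part of the original thread and not any participant's code: a Python check for the first answer's point that every JAR of an applet has to be signed. It reports, per JAR, whether signature files exist under META-INF and which entries have no digest in the manifest; the JAR names, contents and digest values are constructed placeholders, the function names are hypothetical, and the check covers presence only, not signature validity or certificate trust.

```python
import io
import zipfile

BLOCK_EXTS = (".RSA", ".DSA", ".EC")  # signature block file extensions

def manifest_names(text):
    """Entry names that carry a *-Digest attribute in MANIFEST.MF."""
    # A line starting with one space continues the previous line.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    names = set()
    for section in unfolded.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs and any(k.endswith("-Digest") for k in attrs):
            names.add(attrs["Name"])
    return names

def audit_jar(data):
    """Return (has_signature_files, entries without a manifest digest)."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        entries = jar.namelist()
        meta = [e.upper() for e in entries if e.upper().startswith("META-INF/")]
        signed = (any(e.endswith(".SF") for e in meta)
                  and any(e.endswith(BLOCK_EXTS) for e in meta))
        covered = set()
        if "META-INF/MANIFEST.MF" in entries:
            covered = manifest_names(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
        uncovered = sorted(e for e in entries if not e.endswith("/")
                           and not e.upper().startswith("META-INF/")
                           and e not in covered)
    return signed, uncovered

def make_jar(files):
    """Build an in-memory JAR from a {name: content} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in files.items():
            z.writestr(name, content)
    return buf.getvalue()

# Constructed samples: placeholder digests and signature files, not real signatures.
MF = "Manifest-Version: 1.0\n\nName: Main.class\nSHA-256-Digest: PLACEHOLDER\n\n"
SIG = {"META-INF/MANIFEST.MF": MF, "META-INF/TEST.SF": "x", "META-INF/TEST.RSA": "x"}
SAMPLE_JARS = {
    "applet.jar": make_jar({**SIG, "Main.class": "x"}),
    "helper.jar": make_jar({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n\n",
                            "Util.class": "x"}),           # never signed
    "patched.jar": make_jar({**SIG, "Main.class": "x", "Extra.class": "x"}),
}

def audit_all(jars):
    return {name: audit_jar(data) for name, data in jars.items()}

if __name__ == "__main__":
    for name, (signed, uncovered) in audit_all(SAMPLE_JARS).items():
        print(name, "signed" if signed else "UNSIGNED", "uncovered:", uncovered)
```
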
