yongsing
asked on
Question on digital certificate
In making a trusted applet, what's the difference between using a test certificate and a real one? I think I've read somewhere that in using a test certificate, we can only access the applet on the same machine that it resides on. Am I right? How does the browser knows that the certificate is not the real one then?
Also, if I have a couple of JAR files that make up the applet, do I have to sign each one of them with the certificate?
Also, if I have a couple of JAR files that make up the applet, do I have to sign each one of them with the certificate?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I think it depends on the type of digital signature you're using. It is supposedly possible to sign a jar such no installation is required by the client. I think its signtool that supports this.
ASKER
According to the URL below, signtool is used for creating test certificates for use on Netscape browsers. We still need to import the certificate into Netscape so that it will recognize applets signed with the certificate.
http://www.suitable.com/CodeSigningCerts.shtml
I would be interested to know if there really is such a tool that can create test certificates for use on Netscape and IE, and without having any installation on the client.
http://www.suitable.com/CodeSigningCerts.shtml
I would be interested to know if there really is such a tool that can create test certificates for use on Netscape and IE, and without having any installation on the client.
I think it may be possible with the plugin but I'm not sure.
You right yongsing. There is no "technical" difference between test certificates an some others.
But the jvm sees a certificate she not know, she will ask the user if he/she will trust this certificate.
I think noone will trust a certificate witch is not validated from a root CA. (verisign, ....)
But there are some services who create a certificate for you for free: (web.de)
But the jvm sees a certificate she not know, she will ask the user if he/she will trust this certificate.
I think noone will trust a certificate witch is not validated from a root CA. (verisign, ....)
But there are some services who create a certificate for you for free: (web.de)
ASKER
Well, not true. I've just read that if you use a test certificate, you have to prepare the browser so that it will recognize the certificate. However, if you use a real one, such as VeriSign, you don't have to. This is because VeriSign's CA certificates are pre-installed on current versions of Netscape and IE, so both browsers know how to handle certificates from VeriSign. Therefore, for each client machine that you want your applet (signed with test certificate) to run in, you have to prepare the browser on it.