Java Forum / General / November 2006

Signing applets to load from any server

luke@webber.com.au - 23 Oct 2006 06:38 GMT
I am working for a company which presently distributes its applets in
Microsoft .CAB files, signed using a Thawte certificate. These applets
are installed along with the server-side components on client servers
for their use.

I have been working to convert the applets to Sun Java and Swing, and
now we are just about ready to deploy them, but we have hit a snag.
Thawte expect us to give a full host identifier with our CSR, and for
us to deploy the applets only from the specified server. Obviously,
this is out of the question for us.

Can anybody suggest a solution? Is there such a thing as a code signing
certificate which can be served from any host/domain?

TIA for any info,
Luke

Andrew Thompson - 23 Oct 2006 08:34 GMT
...
> ....Is there such a thing as a code signing
> certificate which can be served from any host/domain?

Are you sure that these 'specific domain' certs. do *not*
work off every domain?  I find the idea rather extraordinary,
even for Thawte (whom I consider to be 'highway robbers').

Andrew T.

luke@webber.com.au - 24 Oct 2006 23:27 GMT
> ...
> > ....Is there such a thing as a code signing
> > certificate which can be served from any host/domain?
>
> Are you sure that these 'specific domain' certs. do *not*
> work off every domain?

Yes, they're very specific about that. And I can see the sense in it,
even though it causes me problems. What better way to verify the
identity of the source of an applet?

> I find the idea rather extraordinary,
> even for Thawte (whom I consider to be 'highway robbers').

Hmm. Compared to Verisign, who own them, Thawte are very modest in
their demands. But that doesn't help me with my present difficulty, I'm
afraid.

Luke

Dag Sunde - 25 Oct 2006 08:37 GMT
> ...
>> ....Is there such a thing as a code signing
[quoted text clipped - 3 lines]
> work off every domain?  I find the idea rather extraordinary,
> even for Thawte (whom I consider to be 'highway robbers').

I believe the code signing certificate for signing MS .cab files
is quite a different animal than an ordinary
"Digital ID Class 3" that I use for "Java Object Signing".

With my "Class 3 ID" from Verisign (I have bought this from Thawte
too...), I can sign Applets and deploy them on any server I like.

Dag.

Andrew Thompson - 25 Oct 2006 08:52 GMT
> > ...
> >> ....Is there such a thing as a code signing
[quoted text clipped - 5 lines]
>
> I believe the code signing certificate for signing MS .cab files

Oh, CAB files, right... (I missed that)

> is quite a different animal than an ordinary
> "Digital ID Class 3" that I use for "Java Object Signing".
>
> With my "Class 3 ID" from Verisign (I have bought this from Thawte
> too...), I can sign Applets and deploy them on any server I like.

Cool.

Luke - I hope you solve your conundrum, but remind
whoever made that decision, that the number of MSVMs
is fading every day, and the *best* advice a company
can give to users of the MSVM is to upgrade to a
VM that is not obsolete, insecure* and unsupported.

* There are differences in security behaviour between
the 3810 (final) build of the 1.1.4 MSVM and the
Symantec 1.1.5 VM that are a little worrying, at
the very least.

Personally, I'd launch any (trusted) applet using web
start and specifying Java '1.2+' - but maybe that's just me..

Andrew T.

luke@webber.com.au - 10 Nov 2006 22:12 GMT
> Oh, CAB files, right... (I missed that)
>
[quoted text clipped - 5 lines]
>
> Cool.

Nice. I wish they'd make that clearer on their website. I'll keep it in
mind, and thanks.

> Luke - I hope you solve your conundrum, but remind
> whoever made that decision, that the number of MSVMs
> is fading every day, and the *best* advice a company
> can give to users of the MSVM is to upgrade to a
> VM that is not obsolete, insecure* and unsupported.

Actually, we did end up solving it. Thawte told us how to convert the
existing certificate, by exporting it from IE, then importing it to
Firefox, then exporting it /again/. A pain, but it resulted in a
properly-formed Jar-signing certificate at the end.

> * There are differences in security behaviour between
> the 3810 (final) build of the 1.1.4 MSVM and the
[quoted text clipped - 3 lines]
> Personally, I'd launch any (trusted) applet using web
> start and specifying Java '1.2+' - but maybe that's just me..

Me too, except that these applets are only a part of a web-based
platform that is written largely in Javascript. Don't snigger, because
it works. Quite an achievement considering what it does, and the
difficulty of debugging Javascript. And no, I didn't write it.

In any case, we are getting off the MS JVM. Ready to take it live at
our first site next week!

Cheers,
Luke

Andrew Thompson - 11 Nov 2006 02:08 GMT
...
> Actually, we did end up solving it.

Glad to hear.

> > Personally, I'd launch any (trusted) applet using web
> > start and specifying Java '1.2+' - but maybe that's just me..
>
> Me too, except that these applets are only a part of a web-based
> platform that is written largely in Javascript. Don't snigger, because
> it works. .....

I was almost about to add 'that strategy should
be fine for most users, and any applet that
doesn't require JS interaction' since interaction
with JS seems to be one of the last remaining
points to putting an applet in a web-page.

Andrew T.

