contributed by Walter Pasqualone, Walter.Pasqualone@isis-papyrus.com
rewritten by Daniel Griscom, 9/25/99
This section tells how to create test code signing certificates for Netscape Communicator and Microsoft Internet Explorer. The examples assume the use of NT4.0 server, Netscape Communicator 4.x, Internet Explorer 4.0 using JDK1.1.6, the Netscape Object Signing too, and the Java-SDK from Microsoft.
Note that applets signed by these certificates will not be recognized by most browsers: you have to prepare the browser to accept the certificate. This means that these certificates are only good for testing, or for use on a small, known set of machines. Also, with Internet Explorer, once it is set to recognize your test certificate it will recognize any test certificate, which may be a security problem.
A code signing certificate for Netscape Navigator/Communicator can be generated by means of the Netscape Object Signing tool, downloadable at <http://developer.netscape.com/software/signedobj/jarpack.html>. To create your certificate first create a directory (e.g.
Copy into the
Open a DOS window and change directory to your
signtool -G"My_Priv_Cert" -d"mycert"...where the
signtool will request the following pieces of information (example answers are shown):
This step produces a file in
<a href="x509.cacert">Click to import certificate</a>The reference can also be an absolute or relative URL such as
Note: the above application assumes you're using Windows NT. If you're using Win98, then replaceNow, open the html document in Communicator and click into the Import link. You should be prompted by Netscape with dialogs guiding you through the importing steps. If this does not happen, try first to exit, restart your browser and clean up the cache.
If a 'Save As' dialog appears instead, and you're browsing the html document from a web server instead of from your local file system, then the Web Server does not export such a MIME type associated to the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters\MimeMapby adding the same MIME type and extension specified above.
If the problem still persist, try restarting the system before importing the certificate.
If you imported your certificate successfully, you should be able to see it among all other Certificate's Authorities listed into the Browser->Communicator->Security-Info->Signers panel. Now, you can create and sign your applet as explained in Signing code for Netscape Navigator.
For more information, see Generating Test Object-Signing Certificates at <http://developer.netscape.com/docs/manuals/signedobj/signtool/signcert.htm>.
Microsoft Internet ExplorerA code signing certificate for MSIE can be generated by means of the MS tools provided with the Microsoft JAVA-SDK, downloadable from the Microsoft web site. To create a private certificate, follow these steps:
1: Using the
makecert /sv "ms_ACME.pvk" /n "CN=ACME Certificate" ms_ACME.cerwhere...
2: Generate a
Cert2spc ms_ACME.cer ms_ACME.spcThis step generates the file
Now you can use the newly created
setreg 1 TRUEOf course, you have to do this for each machine which must accept your certificate. In addition, once these machines accept your test certificate they will accept any test certificate. This could be a security problem, so proceed with care. In particular, once you've finished testing you might want to disable the test root with the following command:
setreg 1 FALSE
For more information see
Next section: Links
|Copyright © 2012 Daniel Griscom||Site design myriadweb.com|