From: "Kraemer, Max, CTR" <Max.Kraemer-contractor@jntf.osd.mil>
To: "'java-security@java.sun.com'" <java-security@java.sun.com>
Subject: Applet signing
Date: Thu, 29 Apr 1999 13:42:08 -0600
To whom it may concern:
I work at the Joint National Test Facility in Colorado Springs, CO. I'm
working on a client-server applet that will be viewed using the Java Plug-in
1.1.2 with Netscape or Internet Explorer. Because the applet performs a few
task that step outside the sandbox (writing files to the user's hard disk,
printing, quiting the browser, etc, ...), so I have been signing the applet
using the javakey tool. However, I have been tasked to find out if I can
get a certificate from an outside certificate authority (i.e. Verisign, or
maybe a CA from within our organization). In other words, we may need to
sign the applet using a certificate that has been created by an authorized
source rather than generating one of our own using javakey. I understand
that many of these authorities use tools to create a certificate other than
javakey. Is it common to get certificates that will work with the plug-in
in this manner, and are there any limitations to the type of certificates
that can be used with the plug-in? I'm very new to the idea of applet
signing and any help would be greatly appreciated.
Max Kraemer
kraemerm@jntf.osd.mil
(719) 567-0869