Re: CA matter with signed jar and with netscape

Marianne Mueller (Marianne.Mueller@Eng)
Fri, 8 May 1998 11:58:22 -0700 (PDT)

Date: Fri, 8 May 1998 11:58:22 -0700 (PDT)
From: Marianne Mueller <Marianne.Mueller@Eng>
Subject: Re: CA matter with signed jar and with netscape
To: java-security@web1.javasoft.com, fcortesh@nexo.es

> I have my .x509 created with javakey, and my signed .jar.
> All goes well with appletviewer, but if I want to use with Netscape 4.x,
> I think that my x.509 must be also in my Netscape Communicator to run my
> jar.

Actually it's more complicated than that.

Unfortunately the JDK 1.1 signing and verification is not supported
by the web browsers (Netscape's and Microsoft's.) It is supported
in HotJava, http://java.sun.com/products/hotjava and appletviewer.

You can use the Java Plug-In in the browsers to get access to
more recent JDK technology, http://java.sun.com/products/plugin
You should be able to use 1.1.x signed applets with the Plug-In
plugged into the browsers.

We are working with the Java licensees to get the standard Java
signing working for people in an interoperable way.

>
> My ask is:
> - How could I make Communicator to take my .x509?
> - Is a .x509 file a valid kind of certificate to do that?
> - A certificate is a CA?
> - Someone knows what kind of archives are .p12?
>

If you want to use Netscape's model, refer to their web site for info
on how to import certificates.
http://developer.netscape.com/software/signedobj/index.html

I don't think Netscape accepts the .x509 certificates created by
javakey in JDK 1.1.x. A certificate is not a CA; a CA is a Certificate
Authority, an agency that vouches for the identity of someone and the
pairing of the identity and a key. (Roughly speaking.) I have no
idea what .p12 refers to.

But I would recommend trying the Plug-In -- this works with Netscape's
browsers and Microsoft's browsers and gives you access to more recent
Java technology.

Marianne