Re: RMI Permissions with applets

Charlie Lai (charlie@angeles.eng.sun.com)
Tue, 17 Aug 1999 10:05:35 -0800 (PDT)

From: Charlie Lai <charlie@angeles.eng.sun.com>
Message-Id: <199908171705.KAA08473@angeles.eng.sun.com>
Subject: Re: RMI Permissions with applets
To: Christopher.Bennett@steelcase.com
Date: Tue, 17 Aug 1999 10:05:35 -0800 (PDT)
In-Reply-To: <NZcb8802-4ecd0b7a@steelcase.com> from "Christopher.Bennett@steelcase.com" at Aug 16, 99 03:40:00 pm

hi,

> 1) Verisign , Microsoft Authenticode Certificates require IE4 and applets
> stored in a CAB file format .
> 2) Thawte Developer Certificates for Java Code Signing require Netscape
> Navigator and applets stored in JAR files.

actually, verisign does issue code signing certificates
for signed JAR files, as well as CAB files.

and thawte requires that you either use netscape's or the JDK's
codesigning tools to create signed JARs. however, once you have
the signed JAR file, it will work in netscape or IE
(assuming you have the Java plug-in).

> Where can I get a certificate that will work with IE 4 using the Java Plug In
> and JAR files. (Somehow I blame Microsoft for this confusion). I have not
> been successful using CAB files with the Java Plug In (so far) and I can not
> use Navigator on our corporate intranet.

you might find this web page useful:
http://webmirror.eng/products/plugin/1.2/docs/nsobjsigning.html

the web page is actually a bit misleading in that it states
you must use netscape's signing tools. that was true in the past
because netscape had built-in support for RSA. however, the next release
of the Java 2 platform (version 1.3), beta, should be out very shortly
(hopefully sometime this month). this release provides RSA support,
so you can use the JDK's own code signing tools instead of netscape's
(if you're not permitted to use netscape).

if using Java 2 (version 1.3) beta is not an option, you can always use
Java 2 (version 1.2), and then purchase a plug-in RSA provider.
here's a web site that lists a number of plug-in providers
that work with the JDK:
http://webmirror.eng/products/jce/jce12_providers.html

hope this is helpful.
thanks,
charlie