> > Currently, we can get the applets accepted if we have the JDK
> > installed on the client machine (and then
> > set up the correct information or have copied the identitydb.obj file
> > directly onto a machine). However, this
> > is not a practical solution for multiple users. The copying of the
> > identitydb.obj file is also a very "brute" force
> > way of installation as it may destroy other certificates from other
> > sources.
Note that your users do not have to overwrite their existing
identitydb.obj files. All they have to do is import the signer's
certificate into their (existing) identitydb.obj files
and mark it as "trusted" .
"javakey" has an option that will allow you to do exactly that
(see http://java.sun.com/security/signExample/index.html, Step 3).
Currently, we support only a static trust configuration,
meaning your identitydb.obj has to be configured with the appropriate
signer certificates before you run a signed applet.
Jan