by Roedy Green ©1996-2008 Canadian Mind ProductsInitially each type of certificate had different properties aimed at the different browsers — MS Authenticode with Authenticode x509 extensions aimed at IE applications, Netscape Object Signing with Netscape specific extensions for Java meant to run with the Netscape/JDK 1.1x plugin, and Java 2 certs aimed at the Java 2 plugin (JDK 1.3 signing tools).
If you buy a Thawte Microsoft Authenticode X.509 certificate, you can turn it into a Netscape Jar signing certificate, or a Sun Jar signing certificate by a process described in Mitch Gallant’s essay.
Java 2 certs are based on the DSA crypto algorithm and are thus not compatible with Netscape and MS codesigning tools. A Java 2 cert used in conjunction with the tools provided by JDK 1.3 will enable you to sign code.
For Java 2 / Plugin 1.2 you’d need the Java 2 certs and JDK 1.3. JDK 1.2.x does not support Thawte cert chains — the top level DSA CA root is signed by Thawte top level RSA root and JDK 1.2.x cannot verify the signature.
The Thawte Root code signing certificate was inadvertently omitted from JDK 1.5 beta. You can download a copy and install it in your cacerts. See updating root certificates for details.
 |
Please email your feedback for publication, errors, omissions, broken/redirected link reportsand suggestions to improve this page to Roedy Green :  | ||
| Canadian Mind Products | 
 |
||
| mindprod.com IP:[65.110.21.43] | |||
| Your face IP:[38.103.63.18] | The information on this page is for non-military use only. | ||
| You are visitor number 7,879. | Military use includes use by defence contractors. | ||
| You can get a fresh copy of this page from: | or possibly from your local J: drive (Java virtual drive/Mindprod website mirror) | ||
| http://mindprod.com/jgloss/thawte.html | J:\mindprod\jgloss\thawte.html | ||