Initially each type of certificate had different properties aimed at the different browsers — MS Authenticode with Authenticode x509 extensions aimed at IE applications, Netscape Object Signing with Netscape specific extensions for Java meant to run with the Netscape/JDK 1.1+ plugin, and Java 2 certs aimed at the Java 1.2+ plugin (JDK 1.3 signing tools).
If you buy a Thawte Microsoft Authenticode X.509 certificate, you can turn it into a Netscape Jar signing certificate, or a Sun Jar signing certificate by a process described in Mitch Gallant’s essay.
Java 2 certs are based on the DSA crypto algorithm and are thus not compatible with Netscape and MS codesigning tools. A Java 2 cert used in conjunction with the tools provided by JDK 1.3 will enable you to sign code.
For Java 2 / Plugin 1.2 you’d need the Java 2 certs and JDK 1.3. JDK 1.2+ does not support Thawte cert chains — the top level DSA CA root is signed by Thawte top level RSA root and JDK 1.2+ cannot verify the signature.
The Thawte Root code signing certificate was inadvertently omitted from JDK 1.5 beta. You can download a copy and install it in your cacerts.. See updating root certificates for details.
| You can get the freshest copy of this page from: | or possibly from your local J: drive (Java virtual drive/mindprod.com website mirror) | |
| http://mindprod.com/jgloss/thawte.html | J:\mindprod\jgloss\thawte.html | |
![]() | ||
| Canadian Mind Products | ||
| mindprod.com IP:[65.110.21.43] | ||
| view Blog | Your face IP:[38.107.191.107] | |
| Feedback | You are visitor number 10,522. | |