Verisign : Java Glossary

go to home page V words local find full screen, hide local find menu Google search web for more information on this topic jump to foot of page translate this page with Babelfish punctuation 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z (all) ©1996-2009 Roedy Green, Canadian Mind Products
Verisign
Verisign is a company that issues digital certificates. It sells several types including web server, Netscape Java application code signing and Internet Explorer Java application code signing. It sometimes takes months to jump through all the hoops to get one. I suggest you start the process early in your development cycle if you will need any certificates. Make sure you keep track of which computer you used to submit the application. It is the only one that will be able to pick up the finished certificate. You will need a DUNS number for your company and your business listed in the phone book under the name you use on your certificate.

In the effort to close a security hole, Java Plug-In version 1.2.2 requires an exact match of the JAR signer’s root CA certificate (fingerprint) with one in Internet Explorer’s CA store on the executing platform. Just matching the public key is not sufficient, the validity period, etc. must also match.

Because Verisign issued so many different root certificates with the same public key, but slightly differing otherwise, you may not have the precise root certificate you need pre-installed. Their competitor Thawte did not do this, so Thawte certificates work where Verisign ones sometimes don’t.

I have written Verisign asking them to provide a website where you can upgrade Internet Explorer to include all known variants of the root certificate. In the meantime, all you can do is manually import your Verisign certificate into all your client’s Internet Explorers, making sure to include only the public key part of it, or put in a rush order for a Thawte certificate.

The root certificate mismatch problem comes mainly with new browsers not containing old versions of the Verisign root certificates. Ironically, you can bypass the problem by deleting old versions of the VeriSign Class 3 CA - Commercial Content/Software Publisher root certificates from your Netscape browser before you sign any jars, that way the signing tool will select the most recent root certificate as the base for your signing. New installations of Internet Explorer are more likely to have this new root certificate installed. Best to back up before you do this. It would make perfect sense to Alice.

Verisign makes a variety of code-signing certificates. You can buy

certificate
digital signature
DUNS number
Thawte
CMP homejump to top You can get the freshest copy of this page from: or possibly from your local J: drive (Java virtual drive/mindprod.com website mirror)
http://mindprod.com/jgloss/verisign.html J:\mindprod\jgloss\verisign.html
CMP logofeedback Please email your feedback for publication, errors, omissions, typos, formatting errors, ambiguities, unclear wording, broken/redirected link reports, suggestions to improve this page or comments to Roedy Green : feedback email
mindprod.com IP:[65.110.21.43]
view BlogYour face IP:[38.107.191.105]
You are visitor number 10,153.