Root Certificate Installer

This essay does not describe an existing computer program, just one that should exist. This essay is about a suggested student project in Java programming. This essay gives a rough overview of how it might work. I have no source, object, specifications, file layouts or anything else useful to implementing this project.

This project outline is not like the artificial, tidy little problems you are spoon-fed in school, where all the facts you need are included, nothing extraneous is mentioned and the answer is fully specified, along with hints to nudge you toward a single expected canonical solution. This project is much more like the real world of messy problems, where it is up to you to fully define the end point, or a series of ever more difficult versions of this project, and research the information yourself to solve them.

Everything I have to say to help you with this project is written below. I am not prepared to help you implement it or give you any additional materials. I have too many other projects of my own.

Though I am a programmer, I don’t do people’s homework for them. That just robs them of an education.

You have my full permission to implement this project in any way you please and to keep all the profits from your endeavour.

Please do not email me about this project without reading the disclaimer above.

The Problem

Manually updating root certificates is time consuming and too difficult for the average user to perform without error. Automating the process ensures it is done correctly and to the correct files.

Users need the most recent root certificates in order to use Applets or Java Web Start code signed with recently issued code-signing certificates, or with certificates from obscure companies whose root certificates are not included in the Sun distribution.

Without wide distribution of the corresponding root certificate to all the software users, a purchased code-signing certificate behaves just like a self-signed phony one.

In particular, the Thawte Code Signing CA.cer root certificate is not part of the Java 1.4 JRE (Java Runtime Environment) distribution.

Purpose

This project has three purposes:
  1. Allow technopeasants to easily update the root signing authority certificates in their cacerts file, Java's list of signing authorities. All they have to do is click a single button in their browser.
  2. To revoke certificates that for some reason are no longer valid.
  3. To allow automated insertion of self-signed certificates in cacerts files.
  4. To install purchased certificates in client’s cacerts.

The main users of the first two functions would be the signing authorities themselves, such as Thawte and Verisign. Users could safely update root certificates by just clicking an icon on their website.

It may even be possible to get all your root certificates from all the signing authorities updated in one go from a trusted third party. In the worst case you would have to visit each signing authority’s website, and run their version of the application.

I propose writing a generic fully automated root certificate updater called inject.

How does it work?

The program is a Java Web Start Application signed with a real certificate, ideally by the certificate authority itself to attest that the root certificates it installs are indeed the real ones.

The program has no user interface, other than perhaps to ask for final confirmation and a display of how successful it was. The user does not have to answer any questions, much less complicated ones.

It uses the Java Security API (Application Programming Interface) or exec to launch native utilities to make the necessary modifications. Ideally it would be completely platform independent.

The program finds the current cacerts file and updates it. It can scan for others and optionally update them too.
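
A command-line sketch of the core update step described above, using the Java Security API. This is an added example, not code from the original page (which has no source). The class name InjectSketch, the argument order, the <java.home>/lib/security/cacerts location and the out-of-band fingerprint check are assumptions; it needs Java 9 or later.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Hypothetical sketch of "inject"; not code from the original page.
// Usage: java InjectSketch <cert file> <alias> <expected SHA-256 hex> <store password>
public class InjectSketch {
    public static void main(String[] args) throws Exception {
        // Assumption: standard JRE layout, trust store at <java.home>/lib/security/cacerts.
        Path store = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
        String alias = args[1];
        char[] pass = args[3].toCharArray();

        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Compare against a fingerprint obtained out of band before trusting anything.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        String actual = String.format("%064x", new BigInteger(1, digest));
        String expected = args[2].replace(":", "");
        if (!actual.equalsIgnoreCase(expected)) throw new SecurityException("fingerprint mismatch: " + actual);
        cert.checkValidity();                     // rejects expired or not-yet-valid certificates
        if (cert.getBasicConstraints() < 0) throw new SecurityException("not a CA certificate");

        KeyStore ks = KeyStore.getInstance(store.toFile(), pass);  // Java 9+: detects JKS or PKCS12
        String existing = ks.getCertificateAlias(cert);
        if (existing != null) { System.out.println("Already trusted as " + existing); return; }
        if (ks.containsAlias(alias)) throw new IllegalStateException("alias in use: " + alias);
        ks.setCertificateEntry(alias, cert);

        // Keep a backup, write the new store beside the old one, then swap it in.
        Files.copy(store, store.resolveSibling("cacerts.bak"), StandardCopyOption.REPLACE_EXISTING);
        Path tmp = store.resolveSibling("cacerts.new");
        try (OutputStream out = Files.newOutputStream(tmp)) {
            ks.store(out, pass);
        }
        // ATOMIC_MOVE replaces the target on POSIX file systems; elsewhere it is implementation specific.
        Files.move(tmp, store, StandardCopyOption.ATOMIC_MOVE);
        System.out.println("Installed " + cert.getSubjectX500Principal() + " as " + alias);
    }
}
```

The fingerprint and CA checks run before the trust store is opened, so a mismatched or non-CA certificate never reaches cacerts, and the backup copy allows the change to be rolled back.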

A more difficult challenge would be to also update the root certificate databases in the various browsers such as Opera, Mozilla, Netscape and Internet Explorer.

For ultra security, Sun and the root certificate authorities could jointly invent a special sort of certificate that enables a program signed with it to meddle with the cacerts file, but only of that company.

cacerts
certificate
keytool

Summary

Those concerned with high security would not want to trust such a black box to update their certificates, but the majority of users would vastly prefer the convenience and simplicity.
Certificate Viewer
certificate
El Cheapo Certificate Authority Student Project
keyman
keytool

You can get the freshest copy of this page from: http://mindprod.com/project/rootcertinstaller.html or possibly from your local J: drive (Java virtual drive/mindprod.com website mirror): J:\mindprod\project\rootcertinstaller.html
Please email your feedback for publication, letters to the editor, errors, omissions, typos, formatting errors, ambiguities, unclear wording, broken/redirected link reports, suggestions to improve this page or comments to Roedy Green. If you want your message kept confidential, not considered for posting, please explicitly specify that.