[ale] Java Code Signing Certificates?
Greg Freemyer
greg.freemyer at gmail.com
Tue Jan 31 08:54:50 EST 2006
All,
I have an Java app (including applets) I support. Historically we
have used it on a very restricted Intranet basis so we just modified
the java.policy file on the client machines to give us the security
access we need.
We are now wanting to do a pilot where we let our users have access
from random machines on the Internet.
To do that we need to sign our applets. I just checked at Verisign
and find they sell a code-signing cert:
> VeriSign SSL Certs:
> Price: 3-Year Certificate: $2,480
> Price: 2-Year Certificate: $1,790
> Price: 1-Year Certificate: $995
>
> Verisign Code Signing:
> 3-Year $431/year
> 2-Year $447/year
> 1-Year $499/year
Since this is a pilot I want to get by as cheaply as I can.
I know for the SSL cert. I can self generate for free and not have a
well known cert like the above. (We currently do this with Tomcat).
Does anyone know how the Java Appliet code signing works? Can I self
sign? If not, can I get by with just the $499 Code Signing cert, or
do I have to have both a SSL Cert and a Code Signing cert from the
same source.
Also, if I have to have a 3rd party cert. who is the cheapest place to
get it from. Surely not Verisign.
Thanks
Greg
--
Greg Freemyer
The Norcross Group
Forensics for the 21st Century
More information about the Ale
mailing list