10 Steps to create a digital certificate and sign an applet
27-jul-00 : 5:17 :irene67
These steps describe the creation of a self-signed applet. This is useful for testing purposes. For use of public reachable applets, there will be needed a "real" certificate issued by an authority like VeriSign or Thawte. (See step 10 - no user will import and trust a self-signed applet from an unkown developer).
The applet needs to run in the plugin, as only the plugin is platform- and browser-independent. And without this indepence, it makes no sense to use java...
1. Create your code for the applet as usual. It is not necessary to set any permissions or use security managers in the code.
2. Install JDK 1.3 Path for use of the following commands: [jdk 1.3 path]\bin\ (commands are keytool, jar, jarsigner) Password for the keystore is *any* password. Only Sun knows why... perhaps ;-)
我装的是jdk1.2,ie5.5,java plugin 1.2,同样可行.
3. Generate key: keytool -genkey -alias tstkey Enter keystore password: ******* What is your first and last name? [Unknown]: Your Name What is the name of your organizational unit? [Unknown]: YourUnit What is the name of your organization? [Unknown]: YourOrg What is the name of your City or Locality? [Unknown]: YourCity What is the name of your State or Province? [Unknown]: YS What is the two-letter country code for this unit? [Unknown]: US Is CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity, ST=YS, C=US correct? [no]: yes
Enter key password for tstkey (RETURN if same as keystore password):
4. Export key: keytool -export -alias tstkey -file tstcert.crt
Enter keystore password: ******* Certificate stored in file tstcert.crt
5. Create JAR: jar cvf tst.jar tst.class Add all classes used in your project by typing the classnames in the same line.
added manifest adding: tst.class(in = 849) (out= 536)(deflated 36%)
6. Verify JAR: jar tvf tst.jar
0 Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/ 68 Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/MANIFEST.MF 849 Thu Jul 27 12:49:04 GMT+02:00 2000 tst.class
7. Sign JAR: jarsigner tst.jar tstkey Enter Passphrase for keystore: *******
8. Verifiy Signing: jarsigner -verify -verbose -certs tst.jar
130 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/MANIFEST.MF 183 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/TSTKEY.SF 920 Thu Jul 27 13:04:12 GMT+02:00 2000 META-INF/TSTKEY.RSA 0 Thu Jul 27 12:58:28 GMT+02:00 2000 META-INF/ smk 849 Thu Jul 27 12:49:04 GMT+02:00 2000 tst.class
X.509, CN=Your Name, OU=YourUnit, O=YourOrg, L=YourCity, ST=YS, C=US (tstkey)
s = signature was verified m = entry is listed in manifest k = at least one certificate was found in keystore i = at least one certificate was found in identity scope
9. Create HTML-File for use of the Applet by the Sun Plugin 1.3 (recommended to use HTML Converter Version 1.3)
10. Place a link to the .crt file (created in step 4) in the HTML-File. This .crt file has to be opened by the browser and has to be set to trusted, as the root CA for testing is not known to the browser. For use with "real" certificates, this step should not be necessary.