|
Set up a directory for signing
Find Navigator's digital ID database directory
Find the name of your digital ID
Signing your files
Install the signed archive
Resources
Set up a directory for signing
Create a top-level directory for the signing. Within that directory, create a subdirectory containing all the .class files for your applet (if you have several class files ). Within the subdirectory, place copies of all .class files in their directories. Top level .class files should be right inside this directory, and all package .class files should be in subdirectories with the package names.
-------------------------------------------------------------------
Find Navigator's digital ID database directory
For each browser user, Netscape maintains a directory holding various items, including that user's digital ID database. You'll need to specify this directory when using the code signing tool so that the tool will be able to find the public and private components of your key.
This directory is (usually) "c:\program files\netscape\users\{yourName}". To make sure, search for a directory containing the files "cert7.db" and "key3.db" (which contain your public certificate and private key, respectively). For safety, you might want to copy these files to a secure place.
-------------------------------------------------------------------
Find the name of your digital ID
Now that you've found the digital ID database, you need to know the exact name of your digital ID. To do this, use signtool to list the contents of the database:
signtool -d"<DATABASE directory>" -L
In our case, we typed this:
signtool -d"c:\program files\netscape\users\support" -L
signtool will print out a list of all certificates. Yours will have some long name based on your name, and MUST have a "*" to its left (indicating it is available for signing). We got the following results:
using certificate directory: c:\Program Files\Netscape\Users\support
S Certificates
GlobalSign Primary Class 3 CA
Verisign/RSA Commercial CA
GlobalSign Primary Class 2 CA
GlobalSign Partners CA
UPS Document Exchange by DST
Verisign Class 2 Public Primary Certification Authority - G2
Verisign Class 3 Public Primary Certification Authority - G2
GlobalSign Primary Class 1 CA
BelSign Object Publishing CA
GlobalSign Partners CAT - GlobalSign nv-sa
GTE CyberTrust Root 2
TC TrustCenter, Germany, Class 1 CA
Verisign Class 3 Public Primary Certification Authority
Verisign Class 4 Public Primary Certification Authority - G2
GlobalSign Class 3 CA - GlobalSign nv-sa
GlobalSign Root CA
Personal Freemail RSA 1999.9.16 - Thawte Consulting
Thawte Personal Premium CA
BelSign Secure Server CA
* GlobalSign's GlobalSign nv-sa ID
Access America by DST
GlobalSign Primary Object Publishing CA - GlobalSign nv-sa
Verisign Class 2 Public Primary Certification Authority
GlobalSign Object Publishing CA - GlobalSign nv-sa
GlobalSign Root CAT - GlobalSign nv-sa
Novell E-Commerce Community by DST
Verisign Class 1 Public Primary Certification Authority - G2
Thawte Premium Server CA
GlobalSign Class 2 CA - GlobalSign nv-sa
GlobalSign Class 1 CA - GlobalSign nv-sa
Certificates that can be used to sign objects have *'s to their left.
-------------------------------------------------------------------
Signing your files
Note! Before you run signtool, make sure Navigator is shut down!
Change to the directory that contains the directory containing your applet's .class files. Then, run signtool by typing in the following command :
signtool -d "c:\Program Files\Netscape\Users\support" -k "GlobalSign's GlobalSign nv-sa ID" -Z Sample.jar -c 9 sign
You'll see lots of messages scroll up the screen. When done, a new archive with the applet directory's name and the suffix ".jar" will be created.
Verify the signed archive
The first time you create a signed archive you'll want to verify it. Do this by using the -w option for signtool:
signtool -d"c:\program files\netscape\users\Support" -w Sample.jar
If the archive is signed properly, you'll get a printout of the contents of the signing ID. If not, you won't.
-------------------------------------------------------------------
Install the signed archive
Put the signed .jar archive into the web server directory containing the main class of your applet. Change the .html file that invokes the applet so that it mentions the archive:
<title>GlobalSign Signed Applet</title>
<hr>
<applet code="Sample.class" ARCHIVE="Sample.jar" width=600 height=350>
</applet>
<hr>
-------------------------------------------------------------------
Installing Signed applets for both Internet Explorer and Netscape
Once you've created both .cab (Internet Explorer) and .jar (Netscape) archives for a given applet, you can use both in the same piece of HTML code; each browser will select the archive it understands. Use code like this:
<title>My Wonderful Signed Applet</title>
<hr>
<applet code="MyApplet.class" ARCHIVE="MyApplet.jar" width=600 height=350>
<param name="CABBASE" value="MyApplet.cab">
</applet>
<hr>
-------------------------------------------------------------------
Resources
* You can use signtool to create your own test certificate if you like.
You can find documentation on signtool at the page Signing Software with Netscape Signing Tool 1.1 here or here. |
