Certificate Deployment
Mark Herschberg (Mark_Herschberg@paintedword.com)
Wed, 02 Dec 1998 14:16:08 -0500
I have a question regarding the deployment of certificates. I think
this is an big issue many people will be dealing with shortly and was
hoping that you have might have a solution, or could recommend any
mailing lists which discuss this topic.
We have developed an application which we deploy as a signed jar
file. Obviously, the client machines need to have our certificate to
accept the signature.
Our customers are non technical people (some have never heard of Java
before seeing our product), so we want to make the process as simple as
possible. Clearly if they don't already have an identitydb.obj file, we
can simply give them a default one with our certificate already in it.
Unfortunately, in some cases, either the sys admin already installed
such a file, or another company beats us to them an installed their
default identitydb.obj file. We're currently looking at ZeroG's
InstallAnywhere to download our certificate and public key, and install
them into the identitydb.obj file using javakey (InstallAnywhere allows
command line actions).
Does javakey come only with the JDK (and not Sun's JVM or JRE)?
that is will I need to install the JDK to use java on the installation
machine?
Is there another way to add certificates to the identitydb.obj?
by hand perhaps?
I haven't completed all the documentation of the JDK1.2 security tools,
but I would strongly recommend designing them/adding to them (perhaps in
1.2.1) so that an installer can easily and automatically add
certificates to the appropriate files.
--Mark A. Herschberg