OmniRoot Certificate Center
>
Online Helpdesk
>
CodeSigning Certificate FAQ's
"No certificate request" was made error in Microsoft Internet Explorer
The typical reason for this error is windows not allowing the certificate request creation on the machine (usually due to windows updates locking down the PC).
When you get this box, you should get a cream coloured bar at the top of your screen asking to install the Microsoft certificate installation expansion pack. You need to accept this before the key pair generation process takes place.
Does Cybertrust support kernel node signing on the vista platform?
Our code CodeSigning certificates can be used for the Windows Vista platform and in particular kernel mode software, for which you will need the cross certificate.
The cross certificate is available from Microsoft at http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx and our CodeSigning certificates can be found at http://cybertrust.omniroot.com/codecenter.cfm (select the Microsoft Authenticode Technology)
How does Internet Explorer grant extra power to applets?
You must add code to your applet that requests permission to do any "dangerous" actions, and then sign an archive containing the applet. Your code will need to use Netscape-specific Java classes called the "Netscape Capabilities API". When the applet is loaded by Navigator it will be constrained by the sandbox or restricted set of permissions. When the applet requests permission to do a "dangerous" action the user will be asked if he trusts the developer; if the answer is "no" then the request fails (but the applet keeps running); if the answer is "yes" then the request succeeds and the applet may use the specified "dangerous" capability.
How does Netscape grant extra power to applets?
You must add code to your applet that requests permission to do any "dangerous" actions, and then sign an archive containing the applet. Your code will need to use Netscape-specific Java classes called the "Netscape Capabilities API". When the applet is loaded by Navigator it will be constrained by the sandbox or restricted set of permissions. When the applet requests permission to do a "dangerous" action the user will be asked if he trusts the developer; if the answer is "no" then the request fails (but the applet keeps running); if the answer is "yes" then the request succeeds and the applet may use the specified "dangerous" capability.
How do I Code Sign my files using Microsoft authenticode tools?
The files must be wrapped into a .cab archive and then signed with a Microsoft Authenticode ID.
How do I Code Sign my files using Netscape ObjectSign tools?
The files must be signed with a Netscape Code Signing Certificate (creating a "manifest" of the files), and then the files and manifest must be wrapped into a .jar archive.
* Do not use blank fields in your csr, if you do not wish a field to be in your certificate, do not create this field in your CSR. eg "Locality= " will result in our system refusing your request.
What happens if I code sign an applet with a valid certificate which has expired in the meantime?
Netscape's tools won't let you sign an applet with an expired certificate. However, Navigator will treat an applet signed with a currently-expired certificate the same as an applet signed with a still-valid certificate. Microsoft's tools allow you to attach an unforgeable timestamp to your archive. Archives which were timestamped and signed with valid certificates will be treated as secure even after the certificate expires; archives that were not timestamped or were timestamped after the certificate had expired will be reported as suspect.
Which Browser versions are required for code signing?
Netscape Navigator, version 4.0 and above
Microsoft Internet Explorer on Windows, version 4.0 and above
Does Cybertrust provide test CodeSigning certificates?
At the moment, Cybertrust does not provide test SureCodeSign certificates.
Do I Need to purchase a different CodeSign certificate to sign applets for Internet Explorer and Netscape?
Unfortunately yes, there are technological differences between Microsoft Authenticode and Netscape Object Signing so that applets signed with Microsoft technology won't be recognised under netscape nor applets signed with Netscape won't be recognised under microsoft. You currently need a different certificate for each platform
If I use a browser that does not know Cybertrust, what are the steps I need to do to download an applet signed with a Cybertrust certificate?
Actually the only thing the customer will have to do when downloading the applet is to trust the publisher and normally he should be presented a dialog box asking whether he wants or not to trust that publisher and should the user choose "yes" then the publisher will be stored in his security database, so that the customer won't deal with a security dialog box if he's downloading an applet signed by the same publisher. If he chooses "no" then he will need to grant access next time he tries to download an applet signed by the same publisher.
Why are some Cybertrust CodeSigning certificates signed by "GlobalSign Object CA"?
There is an agreement between Cybertrust and GlobalSign in which the object sign certificates for Microsoft Technology are being signed by "GlobalSign Object Publishing CA" while the object sign certificates for Java Technology are being signed by "Cybertrust SureServer Object CA". This is because the respective root certificates ("GlobalSign Root CA" and "GTE Cyber Trust Global Root") are better supported by default by these different Technologies.
|
