Is this the right product for my business?
A Thawte Code Signing Certificate is strongly recommended
for any publisher intending to distribute code or content
over the Internet or over corporate extranets. The risks
of impersonation and information interference on the
Internet are real. Customers are aware of the dangers
involved and are far more trusting of a signed download.
A Thawte Code Signing Certificate is an effective
way to distribute authentic software over the Internet.
It is a best-of-breed product that offers full protection,
ease of use and flexibility (multi-platform and multi-code
usability).
What does it do?
A Thawte Code Signing Certificate serves to reduce
the risks associated with software and application downloads
by providing a digital signature that:
- Confirms that software has indeed come from
the Publisher who has signed it.
The process
- You generate a private/public key pair and submit
the public portion to us for certification along
with documentation to prove your identity
- Once we have completed the authentication and
verification process, we issue you with a certificate
containing your full organizational name and your
public key
The customer experience
On commencement of download, a built-in browser feature
presents users with a pop-up window containing your
details. They then have the option of accepting your
credentials and proceeding with the download, or cancelling
the process.
Once your signature has been verified in this manner,
customers can confidently and safely download the applets,
plug-ins or macros from your site.
Technical details:
There are different certificate types. The type you
choose depends largely on the nature of the end-user
software that will be using your signed code.
What would you like to sign?
I want to sign Java applets
for the Java 2 plugin, what do I use?
|
option |
certification type |
code signing tool/toolkit |
end user software |
|
option 1 |
JavaSoft |
Sun Java JDK 1.3 * |
Java 2 Plugin *** |
|
option 2 |
Netscape Object Signing |
Netscape Signtool 1.1-1.2 ** |
Java 2 Plugin
(version 1.2.2) *** |
|
option 3 |
JavaSoft |
Netscape Signtool 1.3 |
Java 2 Plugin
(version 1.3 and above) *** |
I want to sign
Java applets for Navigator/JVM 1.1.x, what do I use?
|
option |
certification type |
code signing tool/toolkit |
end user software |
|
option 1 |
Netscape Object Signing |
Netscape Signtool 1.1-1.3 |
Netscape Navigator / JVM 1.1.x |
|
option 2 |
Any "Multi-purpose"
certificate **** |
Netscape Signtool 1.1-1.3 |
Netscape Navigator / JVM 1.1.x |
I want to sign Java applets
for MS, what do I use?
|
option |
certification type |
code signing tool/toolkit |
end user software |
|
option 1 |
Microsoft Authenticode |
MS Inet SDK, MS Java SDK |
MS Internet Explorer 4.0+ / MS JVM |
|
option 2 |
Any "Multi-purpose"
certificate **** |
MS Inet SDK, MS Java SDK |
MS Internet Explorer 4.0+ / MS JVM |
I want to sign a ".cab", ".exe",
or ".dll", file what do I use?
|
option |
certification type |
code signing tool/toolkit |
end user software |
|
option 1 |
Microsoft Authenticode |
MS Inet SDK, MS Java SDK |
MS Internet Explorer 4.0+ / MS JVM |
|
option 2 |
Any "Multi-purpose"
certificate **** |
MS Inet SDK, MS Java SDK |
MS Internet Explorer 4.0+ / MS JVM |
I want to sign an Office
2000 Macro, what do I use?
|
option |
certification type |
code signing tool/toolkit |
end user software |
|
option 1 |
Microsoft Authenticode |
MS Inet SDK, MS Java SDK |
MS Internet Explorer 4.0+ / MS JVM |
|
option 2 |
Any "Multi-purpose"
certificate **** |
MS Inet SDK, MS Java SDK |
MS Internet Explorer 4.0+ / MS JVM |
I want to sign Navigator/JVM
1.1.x and Internet Explorer objects, what do I use?
|
option |
certification type |
code signing tool/toolkit |
end user software |
|
option 1 |
Any "Multi-purpose"
certificate **** |
MS Inet SDK, MS Java SDK
Netscape Signtool 1.1-1.3 |
MS Internet Explorer
Netscape Navigator |
I want to sign everything,
what do I use?
|
option |
certification type |
code signing tool/toolkit |
end user software |
|
option 1 |
Any "Multi-purpose"
certificate **** |
MS Inet SDK, MS Java SDK
Netscape Signtool 1.1-1.3 |
MS Internet Explorer
Netscape Navigator
Java 2 plugin ** |
I want to sign Apple content,
what do I use?
|
option |
certification type |
code signing tool/toolkit |
end user software |
|
option 1 |
Apple Code Signing |
Apple Data Security
Services SDK |
Apple MacOS 9 |
|
option 2 |
Any "Multi-purpose"
certificate **** |
Apple Data Security
Services SDK |
Apple MacOS 9 |
I want to sign a Marimba
Channel, what do I use?
|
option |
certification type |
code signing tool/toolkit |
end user software |
|
option 1 |
Marimba Channel
Signing |
Castanet Tuner |
Marimba |
|
option 2 |
Marimba Channel Signing |
Castanet Tuner |
Marimba |
* You can use Sun Java JDK
1.2.x just as long as you use the copy of keytool
that ships with Sun Java JDK 1.3.
** Plugin 1.2.2: You have to
use version 1.0, version 1.1, or version 1.2 of
signtool if you want to sign Java applets for any
version of the Java 2 Plugin prior to version 1.3.
Also note that only version 1.2.2 and above of the
plugin supports Netscape Object Signing (signtool).
Please note that Netscape does _not_ support Signtool
1.0, 1.1, and 1.2 - if you don't already have it
you'll have to get it from someplace other than
www.netscape.com. Try comp.lang.java.security. Plugin
1.3: You can use any version of signtool if you
are aiming your code at version 1.3 and above of
the Java 2 plugin.
*** There are certain limitations
regarding the CA roots that the Java 2 plugin can
access. This is true for both methods of Java 2
applet signing.
**** Multi-Purpose Certificates:
When we use the term "multi-purpose certificates"
we refer to any of the following certificates: Netscape
Object Signing, Microsoft Authenticode, Apple Code
Signing, and Marimba channel signing certificates.
These certificates can each be converted from one
type to the other. If you have an Authenticode certificate,
you can convert it to a Netscape Object Signing
certificate, and visa versa.
Office 2000 requires that the
certificate and private key be installed in the
Windows registry. Our request process gives you
two choices for the way in which the key pair is
stored. One, is in the registry. The other is to
store the certificate in an .spc file and the private
key in a .pvk file. Microsoft provides a tool that
will import the .spc and .pvk into the registry
so getting the key pair in file format is not a
problem. It is also easier to backup a .pvk file
than to backup a file in the registry.
The choice is yours.
Certificate Types:
Apple Developer Certificate
These certificates can be used by Apple developers
with a future version of the Apple Mac OS to sign software
for electronic distribution.
JavaSoft Developer Certificate
These certificates can be used with JavaSoft's JDK
1.3 and later to sign applets.
Microsoft Authenticode (Multi-Purpose) Certificate
These certificates are used with the Microsoft InetSDK
developer tools to sign ActiveX controls, .CAB, .EXE
and .DLL files, and other potentially harmful active
content on on Microsoft Windows Vista, XP, 2000, NT
and 95 platforms. Please note that these Authenticode
certificates only work with Microsoft IE 4.0 and later.
Netscape Code-Signing Certificate
These certificates are used to sign Java applets,
browser plug-ins and other active content on the Netscape
Communicator platform.
VBA Developer Certificate
These certificates are identical to Microsoft Authenticode
certificates, and are used by developers to sign macros
in Office 2000 and other VBA 6.0 environments.
AdobeŽAIR™ Developer Certificate
These certificates are used to sign application for
Adobe AIR.
Code
Signing Certificates