Meaningless Drivel is fun!*
The moose likes Security and the fly likes I need clarification regarding the different types of certificate-[Please help] Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "I need clarification regarding the different types of certificate-[Please help]" Watch "I need clarification regarding the different types of certificate-[Please help]" New topic
Author

I need clarification regarding the different types of certificate-[Please help]

Mouza Ali
Ranch Hand

Joined: Oct 28, 2008
Posts: 39
Hello all,

I hope that I get some replyies this time. I'm really confused regarding the difference between java code signing and web service signing. I will describe the case below clearly:

1. I have a self signed root certificate.
2. I have a certificate that is signed with the root certificate, and used for authorizing a server.

On the other hand:

1. I have an applet signed separately. And what I mean by separately is that I don't sign it using that already created self signed certificate. It is a self signed certificate.

So, my question is:

1. Should I have one CA for both the server and the applet, or I should keep them separate like what 've just I explained.

Please, I need urgent clarification as there are not much documentation about this thing on the Internet.
Mouza Ali
Ranch Hand

Joined: Oct 28, 2008
Posts: 39
Please, can anyone reply?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41508
    
  53
I'm not sure what the point of having separate root certificates would be; maybe you can tell us what prompted this approach. (Actually, I've never had the need to even create one root certificate, so maybe that's why I don't understand why one might want to use several of them.)


Ping & DNS - my free Android networking tools app
Mouza Ali
Ranch Hand

Joined: Oct 28, 2008
Posts: 39
Ulf Dittmer wrote:I'm not sure what the point of having separate root certificates would be; maybe you can tell us what prompted this approach. (Actually, I've never had the need to even create one root certificate, so maybe that's why I don't understand why one might want to use several of them.)

Thanks Ulf for your reply.

Actually I got this idea after I googled for a very long time and I found that there is agroup of people saying that: " an SSL certificate shouldn't or better to say can't be used for java signing".

I might interpurted this wrognly. Anyway I'll explain the issue more clearly:

1. I have a bank server that should have a certificate signed by root CA and under this bank there is an Applet running ofcourse on the client side. On the other hand, I signed the applet with the same root CA that signed the bank SSL certificate. I didn't sign the Applet with the back certificate.

That is the point of my discussion. Should I sign the applet with the Bank SSL certificate or with the root CA!
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41508
    
  53
If this is an actual banking application, then security is of high importance. That means you need certificates signed by actual root authorities -like Verisign-, not something you cooked up on your own. That certificate should be used for signing everything.
Mouza Ali
Ranch Hand

Joined: Oct 28, 2008
Posts: 39
Ulf Dittmer wrote:If this is an actual banking application, then security is of high importance. That means you need certificates signed by actual root authorities -like Verisign-, not something you cooked up on your own. That certificate should be used for signing everything.


But for developing purposes, I don't need to acquire a real CA for the moment.
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
What those posts were trying to say is that you should not use the same private key for both SSL and code signing. You can certainly use the same CA to sign the certificates for both kinds of keys, provided of course that the CA certificate is trusted for both those purposes. Not all are.


Nice to meet you.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: I need clarification regarding the different types of certificate-[Please help]