I am working on an application (and applet) that needs to be signed (not just self-signed). I am looking at using GoDaddy.
Unlike most things in Java world, with code signing it does not seem to be easy to test things without putting out the cash first. So, I would like to ask some quick questions.
 for java signing, I imagine you can use any computer to sign the code (ie it does not need to be signed on the computer that is the webserver). Correct?
 Is there any relationship between the computer I use to sign the code and the signed code itself. For example, lets say I buy a code signing cert from godaddy, but then I change my development computer. Can I still use that same cert on a different comptuer, or is it somehow "linked" to the computer that is used? In other words, if my dev machine crashes, will I need to buy a new cert from GoDaddy (or wherever).
 Has anyone used GoDaddy for code signing. Are there any gotchas?
 I assume that once a code is properly signed, it should work on any platform with a proper JVM... correct?
Anyway, just thought I would ask these questions before I put out the cash with GoDaddy.
 Yes, when my company bought the Verisign certificate, I signed the applet on my development machine and deployed it to the web server. No problems.
 I didn't even know that GoDaddy was in the certificate business. Anyway if it is, the gotcha would be that the customer's browsers might not recognize their certificates as trusted. Browsers are shipped with code to recognize certificates from the well-known trust-sellers like Verisign and Thawte but not necessarily others. Perhaps GoDaddy has a sample applet which they can demonstrate their certificates with.
Joined: Mar 22, 2005
Paul Clapham wrote:the gotcha would be that the customer's browsers might not recognize their certificates as trusted. Browsers are shipped with code to recognize certificates from the well-known trust-sellers like Verisign and Thawte but not necessarily others.
Actually, these days the standard browsers ship with certificates from lots of providers - my Firefox has dozens of them, including GoDaddy. You can view them via Preferences -> Advanced -> Encryption -> View Certificates. (My list had several outdated certificates, and some by providers I considered suspect, so I deleted those.)