Win a copy of Spring Boot in Practice this week in the Spring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Liutauras Vilda
  • Henry Wong
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Al Hobbs
  • Carey Brown
Bartenders:
  • Piet Souris
  • Mikalai Zaikin
  • Himai Minh

I need clarification regarding the different types of certificate-[Please help]

 
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello all,

I hope that I get some replyies this time. I'm really confused regarding the difference between java code signing and web service signing. I will describe the case below clearly:

1. I have a self signed root certificate.
2. I have a certificate that is signed with the root certificate, and used for authorizing a server.

On the other hand:

1. I have an applet signed separately. And what I mean by separately is that I don't sign it using that already created self signed certificate. It is a self signed certificate.

So, my question is:

1. Should I have one CA for both the server and the applet, or I should keep them separate like what 've just I explained.

Please, I need urgent clarification as there are not much documentation about this thing on the Internet.
 
Mouza Ali
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Please, can anyone reply?
 
Rancher
Posts: 43028
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm not sure what the point of having separate root certificates would be; maybe you can tell us what prompted this approach. (Actually, I've never had the need to even create one root certificate, so maybe that's why I don't understand why one might want to use several of them.)
 
Mouza Ali
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:I'm not sure what the point of having separate root certificates would be; maybe you can tell us what prompted this approach. (Actually, I've never had the need to even create one root certificate, so maybe that's why I don't understand why one might want to use several of them.)


Thanks Ulf for your reply.

Actually I got this idea after I googled for a very long time and I found that there is agroup of people saying that: " an SSL certificate shouldn't or better to say can't be used for java signing".

I might interpurted this wrognly. Anyway I'll explain the issue more clearly:

1. I have a bank server that should have a certificate signed by root CA and under this bank there is an Applet running ofcourse on the client side. On the other hand, I signed the applet with the same root CA that signed the bank SSL certificate. I didn't sign the Applet with the back certificate.

That is the point of my discussion. Should I sign the applet with the Bank SSL certificate or with the root CA!
 
Ulf Dittmer
Rancher
Posts: 43028
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If this is an actual banking application, then security is of high importance. That means you need certificates signed by actual root authorities -like Verisign-, not something you cooked up on your own. That certificate should be used for signing everything.
 
Mouza Ali
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:If this is an actual banking application, then security is of high importance. That means you need certificates signed by actual root authorities -like Verisign-, not something you cooked up on your own. That certificate should be used for signing everything.



But for developing purposes, I don't need to acquire a real CA for the moment.
 
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What those posts were trying to say is that you should not use the same private key for both SSL and code signing. You can certainly use the same CA to sign the certificates for both kinds of keys, provided of course that the CA certificate is trusted for both those purposes. Not all are.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic