floater
Java Jedi
总版主
发贴: 3233
积分: 421
|
于 2003-04-10 03:40
When you run your applet in a browser, the browser's java plug-in will prompt you whether you trust the cert(used to sign the applet). You don't need to give to users of your applet, it's already in the jar file and the browser will extract the info in the cert and show to users.
A lot of things, you have to try it, assuming people are smart enough to make things simple.
However, there is a catch. You have to push the CA cert of your cert into user's browser if it's not there. Most of the commercial CA certs are already in the browsers(out of box installation), unless you want to create your own ca cert(using like openssl) because you want to save some dollars.
Finally, you don't need to worry about LDAP, I think. There are several cases you need to do so, but not in your case. As long as users accept your cert in the browsers, the applet will start to run. They don't care whether your cert is valid or not, check against RCL to see whether your certs is revoked or not(You can install some 3rd party tools to do so); and users won't care the fields in your cert either.
However, you need to make sure your cert doesn't have an expire date(normally, cert has 365 days of validation, after that, you need to renew it). Browsers will still display your info, but users could have some doubt(I always reject expired cert no matter what).
"Any fool can write code that a computer can understand. Good programmers write code that humans can understand." - Martin Fowler, Refactoring - Improving the Design of Existing Code
|