Hey guys,
I'm a bit of a Java noob, but could someone please explain digital signatures to me? I have an application and I build it using the commands

javac -classpath %CP% TunerApplet.java
jar cvf TunerApplet.jar *.class
jarsigner -keystore Tuner -storepass authentic -keypass authentic TunerApplet.jar Tuner

As a guess, it would be the jarsigner command that adds the signature. The application works fine except you get a "The application's digital signature cannot be verified" etc. and the users can choose to run or cancel or whatever. Is there a way to get a "Verified" digital signature so we don't get these messages? I have no idea how to get one, but am I right in thinking I just save it as "Tuner" in the same DIR as the TunerApplet.java command (oh, and change the storepass and keypass flags to whatever they might be)?
Thanks,
Sam

You need to get an SSL certificate from an official certificate agency like Verisign.
This is the same thing you'd do when you set up a server on https.

If you don't have one, jarsigner will create a "fake" certificate. These are called "unverified" because there's no trusted agency behind them; anyone (including computer criminals) can create one.
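
An added example (not part of the original thread): a small Java program that reads a signed JAR through the standard java.util.jar API and reports, for each signer certificate, whether it is self-signed, which is the case the reply above calls "unverified". The class name JarSignerCheck is hypothetical; the default file name TunerApplet.jar is taken from the question.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarSignerCheck {
    // Self-signed: subject equals issuer and the signature verifies under the cert's own key.
    static boolean isSelfSigned(X509Certificate c) {
        if (!c.getSubjectX500Principal().equals(c.getIssuerX500Principal())) return false;
        try { c.verify(c.getPublicKey()); return true; } catch (Exception e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "TunerApplet.jar"; // JAR name from the thread
        Set<X509Certificate> signers = new LinkedHashSet<>();
        List<String> unsigned = new ArrayList<>();
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(path, true)) { // true = verify signatures while reading
            for (JarEntry e : Collections.list(jar.entries())) {
                // Simplification: skip directories and everything under META-INF/
                // (the manifest and signature files are never signed themselves).
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                // Signer data is only populated once the entry has been read to the end;
                // a modified entry makes read() throw SecurityException.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] cs = e.getCodeSigners();
                if (cs == null) { unsigned.add(e.getName()); continue; }
                for (CodeSigner s : cs)
                    signers.add((X509Certificate) s.getSignerCertPath().getCertificates().get(0));
            }
        }
        if (!unsigned.isEmpty()) System.out.println("Unsigned entries: " + unsigned);
        if (signers.isEmpty()) System.out.println("No signer certificates found");
        for (X509Certificate c : signers) {
            System.out.println("Signer: " + c.getSubjectX500Principal().getName());
            System.out.println("Issuer: " + c.getIssuerX500Principal().getName());
            System.out.println("Valid until: " + c.getNotAfter());
            System.out.println(isSelfSigned(c)
                ? "Self-signed: no CA vouches for this key, so it cannot be verified"
                : "Issued by another party: trusted only if that issuer chains to a root the user's Java trusts");
        }
    }
}
```

Compile with `javac JarSignerCheck.java` and run `java JarSignerCheck TunerApplet.jar` against the JAR produced by the build commands in the question.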

1) Does the certificate have to be valid for the domain the applet is running on? (Our applet will run on www.sharporflat.com; does the signature have to be valid for www.sharporflat.com or can it just be any domain?)
2) I have an SSL certificate from Verisign and it has two files (public and private key) which are nothing like the single file I need to use with jarsigner.

1) Yes, certificates are domain (or even server) specific.
2) Read the documentation for jarsigner. Downloading the certificate from the site (the .cer file your browser might get you, for example) will give you what you need to sign for that site.
