Self-signed security certificates.. (oh, the evil)

There are a number of ways to get a security certificate that
will (if accepted by the end user) allow applets and other
projects to gain extended privileges.

However, signing an applet or application can be a daunting
task, especially in regards to acquiring a valid security
certificate. As a result of this, a lot of developers are
discouraged from taking that route.

The developer might be prepared to pay for a fully verified
certificate, but they generally would want to see the process
work before they lay down $, right?

Some of the ways of getting a certificate *for* *testing*
purposes are expensive, while others are quite obtuse
or difficult.

Are there any IDE's that will do this stuff* for you?
* Create a self signed certificate and sign a jar with it.

Is my assumption that 'people want to see it work
before paying money' valid?

Most specifically, can anybody here attest that they
*paid* for a code signing certificate before they had
seen it work for a project?

[ This is all leading to "Does it make sense to issue a
'self-signed' certificate for all to use, in the name of
'!!Danger!! - Developer Only!'..."? ]

--
Andrew Thompson
physci.org 1point1c.org javasaver.com lensescapes.com athompson.info
"Power and priviledge cannot move a people, who know where they stand, and
stand in the law."
Paul Kelly 'From Little Things, Big Things Grow'
.

Relevant Pages

  • Re: Not seeing signed applets on first run
    ... I used to accept certificates each run for applets using our own certificate, but I stopped since we just have two signed applets and I didin't seem to surface any problems. ... In this case I deleted our certificate to test, and did see the security dialog coming up. ... But if a true "virgin computer" is one that never accepted any certificate we will not do well finding such computers on this list unless people check on new computers or computers with a clean install of the OS. ...
    (comp.lang.java.programmer)
  • Re: Accessing Microsoft Outlook from a Java applet
    ... > Outlook or windows registry using COM calls. ... > For what I need (getting and setting only Outlook accounts) seems that ... It basically links a certificate to your applets that tells users who wrote ...
    (comp.lang.java)
  • Re: Defending yourself against Nazi IT departments
    ... But well, if the IT department cares, he won't be able to run those in first place. ... Even fully untrusted Java Applets have permission to preselect a user-chosen certificate on a SSLSocketConnection object. ... They also didn't implement appropriate configuration of the Java VM to disallow all but whitelisted applets, but they may have limited it to never trust any applet. ... but it's still allowed to first select its own certificate loaded from its resource and then create a SSLSocketConnection with this certificate. ...
    (comp.security.firewalls)
  • Re: cannot connect to mySQL database using an applet
    ... you can buy a certificate to sign applets. ... Matt Parker wrote: ... You can generate your own signing certificate (if you don't mind ...
    (comp.lang.java.help)
  • Re: applet signing
    ... > I'm attempting to sign some applets that will step outside the sandbox by ... If you have apache & OpenSSL you can create your own certificates. ... After the certificate is created you can use microsoft's signcode ...
    (comp.lang.java.programmer)