Steve,
> I assume the browser you imported the certificate into is the same one
> that you are testing it with? The reason I ask is that the object
> signing CA needs to be present on the browser and set to allow software
> developers (i.e. Security->Signers->Edit). An object signing certificate
> or CA is *not* auto added as untrusted (unlike unknown CA's sent over
> S/MIME) so it needs to be on the browser already.
Yes -- same browser.
> Since I haven't seen the JavaScript in question I can't be too sure if
> the problem is with that. However a frequent bug is that the extra
> privileges needed are not requested.
No -- that's not the problem. I've been trying an extremely simple
JS script. Similar to yours ... which I've also tried. I'm clearly
doing something wrong. Perhaps I'm mis-using the package signing
tool. Following its instructions, I issue a command:
signtool -k CertName -J dirname
"dirname" is the name of the directory containing your html code with
inline javascript. It creates the jar file mentioned within the
inline script automagically: "myArchive.jar". But when I try to
invoke the JS code, it complains:
JavaScript Error: uncaught Java exception
netscape/security/ForbiddenTargetException ("User didn't grant
the UniversalBrowserRead privilege.")
I don't get it. The certificate and CA cert are both in my browser
(thanks to PKCS12), and the signing process appears to work. It just
doesn't like my signed objects!
> I've attached a test file that works with my setup (either via a
> server or local file) if you sign it with your test certificate and
> copy the result to myArchive.jar it should pop up a security box
> giving details of the requested privilege when you click on "Show
> History" and giving you the option to view the signers certificate.
No. It doesn't do this. Just complains as mentioned above.
I'm skeptical about the signing tool instructions. Maybe I should
try the older "zigbert" tool and do things a bit more manually.
Any suggestions will be appreciated.
Thanks in advance. Am posting this reply to the ssl-users list as
well, in case someone else has experienced the same conundrum.
__________________________________________________________
William Dorfmann <[EMAIL PROTECTED]>
KE Software Inc.
Suite 303, 601 West Broadway
Vancouver B.C. V5Z 4C2 CANADA
Tel: (604)877-1960 x 11
Fax: (604)877-1961
WWW: http://www.kesoftware.com
PGP public encryption key at: http://www.kesoftware.com/~dorfmann
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
