Microsoft, as usual, has come up with entirely new solutions to the problem of code signing. It uses its own archive format and a set of code-signing tools based around the Microsoft CryptoAPI.
You’ll have to install two pieces of software to sign code for Internet Explorer. First, you’ll need the browser, Internet Explorer 4.0, available from http://www.microsoft.com/ie/ie40/. For the archive and code-signing tools, you’ll need the SDK for Java 2.0, available from http://www.microsoft.com/java/.
Prepare a Signer
Microsoft’s tools allow you to create a test certificate that you can use for signing. This means you can experiment with signed applets without shelling out $20 for a real certificate. If you want to sign code with a real certificate, you can buy one from VeriSign (http://www.verisign.com/).
To create a test certificate, you can use tools that are installed as part of the SDK for Java, in the SDK-Java.20\Bin\PackSign directory:
MakeCert -sk JonathanKey -n CN=JonathanCompany Jonathan.cert
This creates a certificate file called
Jonathan.cert. It uses the secret key called
JonathanKey. If there is no such key,
MakeCert creates one. This key is stored in a
private key management database and can be accessed later. The
-n option is used to specify what name is placed
on the newly created certificate. You need a
Software Publisher Certificate (SPC) to
sign code. The SDK for Java has a handy utility that converts a
certificate into an SPC:
Cert2SPC Jonathan.cert ...