Mozilla supports the signing of remote JavaScript with a certificate so it may have enhanced privileges to do cool stuff not normally possible.



The Certificate Authorities and Digital Signatures section of Chapter 12 has some fundamental flaws in its design of a Certificate Authority. Following the information in that section cannot produce a legitimate, working Certificate Authority for signed remote Mozilla applications.

The information and examples in this section do, however, allow you to create your own object signing certificate with Certutil for use with Signtool, provided you sign your applications with the same key3.db that Certutil generated when creating all your certificates. Signtool requires the same private key in key3.db that Certutil created.

The information in the section is semi-useful because it is an alternative to making self-signed JARs, which are limited to 90 days and always nag the user about whether the script is allowed to run. However, the user is required to install the unique distribution certificate for your application. There will no longer be a standard MozDev certificate.

Good news:

A draft of an updated Certificate Authorities and Digital Signatures section is being worked on here. It is not nearly complete yet.

-- Eric Murphy


