Context: I write JavaScript to run the executable and configure some registry entries on the client machine. I signed .JAR using SignTool and my company’s Authenticode certificate, but when I run the script, a dialog box appears with the message:
There is no mention of a root certificate (in this case, Comodo, I believe), so I could also create a self-signed certificate to put the company name string in the dialog box.
My question is: is that all the user should see? This jar:http://www.mozilla.org/projects/security/components/signed-script-demo.jar!/signed-script-demo.html example page jar:http://www.mozilla.org/projects/security/components/signed-script-demo.jar!/signed-script-demo.html shows the same dialog, but there is still no either a “verify this certificate” link or a mention of the root CA.
Are there any new resources for writing signed scripts? The mozilla pages are mostly several years old, and there are many links to broken documentation on developer.netscape.com.
- Martin
MLdeS source share