Aurigma offers private-label versions as a part of our Premium license offering. When your customers install ActiveX/Java Uploader on their computers, they see a security warning displaying the name of the company that owns the software. By default, customers see Aurigma, Inc. If you want to replace Aurigma's name with your company name, you can order a private-label version. In this case Aurigma creates a special custom uploader for you. Your company, in its turn, should then purchase a code singing certificate from one of the certificate authorities (e.g. Thawte or VeriSign) and sign the binaries with it.
This topic explains the steps required for signing a private-label version. You can disregard this topic if you don't have a private-label version of ActiveX/Java Uploader on your website.
To make Java Uploader automatically install in a browser, it should be packed as a JAR file. The JAR (Java application archive) file is a format developed by Sun for packaging Java applications. For more details about embedding Java Uploader on a Web page see Using Private-label Version of ActiveX/Java Uploader.
It would be insecure to enable a browser to download from the Web and install arbitrary software, because malicious people could distribute harmful code. Therefore, to avoid security problems browsers usually require applets and other software to be digitally signed using a special code signing certificate which is granted to software vendors by such certificate authorities as VeriSign and Thawte. Certificates ensure that the software being installed was actually developed by the specified vendor.
Though browser settings can be adjusted so that unsigned software can be installed, the default settings and corporate company-wide security policies usually do not allow this.
To sign Java Uploader controls with a Microsoft Authenticode Certificate you will need:
First, you will need to convert the certificate to the PKCS12 format (.pfx file). To convert the certificate, perform the following steps:
"<Path to .pvk to .pfx converter>\pvk2pfx.exe" -pvk "<Path to certs>\MyKey.pvk" -spc
"<Path to certs>\MyCert.spc" -pfx "<Path to certs>\MyCert.pfx" -f
where <Path to .pvk to .pfx converter> is a path to the pvk2pfx utility
(typically, it is located in the /Bin subfolder of the Windows SDK installation folder),
and <Path to certs> is a path to your SPC and PVK certificate files.
Now, when you have the converted certificate, sign the JAR file by performing the following steps:
Bin directory of JDK, for example:
cd "C:\Program Files\Java\jdk1.7.0_40\bin"
keytool -list -v -storetype pkcs12 -keystore <PFX file>where <PFX file> is a name of your converted certificate.
jarsigner -storetype pkcs12 -keystore <PFX file> Uploader8.jar <alias>
where <PFX file> is the name of your converted certificate,
and <alias> is the alias listed in the output from the
keytool -list -v command that was run in the previous step.
jarsigner -verify -certs Uploader8.jar