Fwd: Re: [rfc][icedtea-web] reproducer for PR905
Danesh Dadachanji
ddadacha at redhat.com
Wed Apr 4 09:16:55 PDT 2012
On 04/04/12 12:05 PM, Jiri Vanek wrote:
> On 04/04/2012 05:58 PM, Deepak Bhole wrote:
>> * Jiri Vanek<jvanek at redhat.com> [2012-04-04 11:55]:
>>> ...snip...
>>>>>>>
>>>>
>>>>
>>>> How about creating a cert, importing it and then signing everything with that
>>>> cert?
>>>>
>>>
>>> Applet is then not asking user anymore???
>>>
>>> If this is true than this is granzgenial:)
>>>
>>> It will need some logic to import the certs to browser, but it will
>>> be needed anyway (see http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-March/017799.html
>>> for more about browser detection)
>>>
>>
>> If you choose to always trust it, yes it shouldn't ask any more.
>
> hmmm... Can be much harder then to control this fully-automatically.
> (means create certificate during make is easy, sign all stuff with this certificate is easy, import certificate to browsers should be
> also easy (just cp I believe), force the browser to force this new certificate without prompt can be however impossible :( )
> If it is possible to accept it just oncetimes for all future-generated certificates - it will do the job as well.
>
Can't you just add it to the keystore? That's what "Always Trust" does anyway IIRC.
> I would like to avoid one static certificate which have to be refreshed each .. some times...
>
>
>>
>> Cheers,
>> Deepak
>
More information about the distro-pkg-dev
mailing list