Danny20v / eid-applet

Automatically exported from code.google.com/p/eid-applet
Other
0 stars 0 forks source link

updating certifications #56

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
In a big environment individually updating is not possible.

What is the expected output? What do you see instead?

A configurable reference site should be possible that can be automaticly  
consulted one a day/once a week for updates (check a checksum for example, if 
it complies no update is necessary, is there a difference update certifications 
is necessary from the reference  site.)
the reference path should only by an administrator account be changable.

Please provide any additional information below.

all O.S., updating via intranet/internet.(with or without proxy)

Original issue reported on code.google.com by tuxedo93@gmail.com on 15 Oct 2010 at 9:42

GoogleCodeExporter commented 9 years ago
Could you explain a bit more what you mean exactly?

Original comment by frank.co...@gmail.com on 16 Oct 2010 at 4:24

GoogleCodeExporter commented 9 years ago
He might be referring to the certificate used to sign the applet. We found this 
to be an issue sometimes... For example: the signed jar files (last version 
1.0.3GA) are only valid for 1 month (until 14/12/2011). Meaning that anyone who 
wants to rollout to production now must update the eid-applet again next month. 
This is very time consuming is a lot of installations require this applet.

A possible solution might be to not only sign the eid-applet but also timestamp 
the signature, so it remains valid after the expiration date (and hopefully not 
show security errors when loading the applet). 

This can be tested easily by changing your system time (e.g. change it to 
15/12/2011 and you'll see the current release of the eid-applet giving security 
warnings)

Original comment by m...@dimy.be on 14 Nov 2011 at 8:27

GoogleCodeExporter commented 9 years ago
These days we sign the eID Applet with a code signing certificate that lasts 
several years.

Original comment by frank.co...@gmail.com on 17 Oct 2012 at 12:38