VeriSign Code Signing for Macromedia Shockwave For developers and software publishers who use Macromedia® Director® 8
Shockwave Studio, code signing reduces error messages and builds trust in your reputation. VeriSign® Code Signing Certificates for
Macromedia® Shockwave® authenticate your identity and validate code integrity.
- Digitally sign files created with Macromedia® Director® 8 Shockwave Studio
- Show customers that your code and content is safe to download
- Protect your brand and your reputation with a trusted digital signature
Benefits of VeriSign Code Signing
- Increase the adoption and distribution of downloadable software with digital signatures
- Build a trusted relationship for your brand by reducing error messages and security warnings
- Protect users from downloading harmful files
- Go with the leader: VeriSign supports more platforms than any other provider
Enrollment Process
- Generate a Certificate Signing Request (CSR)
It looks something like this:
Step 1: Download Signing Tools
If you have not already done so, download the Java 2 Software Development Kit (SDK). The latest version is available
free of charge for the Solaris SPARC/x86, Linux86, and Microsoft Windows platforms from
http://java.sun.com/javase/downloads/index.jsp
You will be using the keytool, jar, and jarsigner to apply for your Code Signing Digital ID and sign your code.
Step 2: Enrollment
Create a Keystore
To generate a public/private key pair, enter the following command, specifying a name for your keystore and an alias as well
keytool -genkey -keyalg rsa -keystore <keystore_filename> -alias <alias_name>
Keytool prompts you to enter a password for your keystore, your name, organization, and address. The public/private key pair generated by keytool is saved to your keystore and will be used to sign Java Applets and applications. This key is never sent to VeriSign and is required to sign code. VeriSign encourages you to make a copy of the public/private key pair and store it in a safe deposit box or other secure location. If the key is lost or stolen, contact VeriSign immediately to have it revoked.
Generate a CSR
You need to generate a Certificate Signing Request (CSR) for the enrollment process.
The following command requests Keytool to create a CSR for the key pair in the keystore:
keytool -certreq -file certreq.csr -keystore <keystore_filename> -alias <alias_name>
Begin the enrollment process for a Code Signing ID from the products and services section of the VeriSign Web site.
Copy the contents of the CSR and paste them directly into the VeriSign enrollment form. Open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).
- Select Certificate Options - choose a validity period.
Validity period: a longer validity period reduces the annual cost of your VeriSign® Code Signing Certificate for Microsoft® Authenticode®.
The validity period is the active lifespan for the certificate. At the end of the validity period, the certificate must be renewed to remain active. A longer
validity period typically includes cost savings and you won't need to renew the certificate as often for it to remain active. A shorter validity period
provides greater security and integrity because the certificate's common name and organizational information must be re-authenticated more often.
Requesting 2 and 3-Year Certificates
Note the following restrictions when selecting a 2 or 3-year validity period:
- A 3-year SSL Certificate is compatible only with a 2048-bit private key (or stronger). When generating your CSR, make sure the generated key is at least
2048 bits. Note: This does not apply to Code Signing IDs.
- The 2 and 3-year options are not available for CodeSigner Pro.
- For certificate and organizational integrity, your organization will be re-authenticated after two years (with no action required on your part).
If your organization name or domain ownership has changed since purchasing this certificate, the certificate may be subject to revocation.
- Enter Required Information
- Technical contact: Name, address, phone number, and the email address where the certificate and renewal notices should be delivered.
- Certificate information: The organization name that will appear in the code signing certificate. Provide the cryptographic service provider (the software or hardware token where the key pair will be generated), and a backup location for your private key such as a hardware token.
- Challenge phrase: A password used to renew or revoke your certificate.
- Organizational contact: VeriSign contacts this person to authorize your certificate request as part of the certificate authentication process. Provide accurate information to expedite the process and to ensure that renewal notices reach the organization contact.
- Payment information: VeriSign must receive payment before delivering your certificate.
- Pickup Your Code Signing Certificate.
Once approved and payment is received, you will receive an email containing your VeriSign® Code Signing Certificate for Macromedia® Shockwave® or directing you to a URL for pickup. If you have problems with retrieval, confirm that you are using the same computer, browser, and log-in profile used to enroll.
Digital Shrink Wrap to Protect Your Brand
VeriSign® Code Signing Certificates provide a virtual "shrink wrap" for secure delivery of content over the Internet.
When customers download Shockwave content, digitally signed and verified by VeriSign, they can be assured of the content
source and the content integrity. Code Signing adds a level of trust to your applications and makes them harder to falsify or damage,
protecting your brand and your intellectual property.
Increase Customer Confidence with a Trusted Digital Signature
VeriSign authenticates the identity and authority of the certificate requestor using our robust, time-tested verification process.
When Shockwave users download content, a security warning might ask whether or not to trust it, showing the source of the code verified by
VeriSign. Users have the confidence to proceed when they see VeriSign.
The Leader in Online Trust and Security
VeriSign supports more platforms than any other code signing provider with the most reliable infrastructure and the most trusted security
brand on the Internet (Tec-Ed Whitepaper, PDF, Oct. 2007). Because VeriSign root certificates come preinstalled on most end users’ devices
and embedded in most applications, the digital signature authentication and verification process is seamless and transparent to most end users.
|
Все SSL сертификаты VERISIGN
