Hi, I'm working on a Java Applet, which must run in an offline and standalone XULRunner (web browser) application.
What happens: everything works perfectly, but the first time the applet is loaded, the user need to give access rights to the applet, because it "cannot be verified", with a dialog box.
The problem: Since the user ran the executable, we can assume he already trusted the application somehow. Thus, having to validate the applet separately is too technical (what? what is a java? what should I do?) and scary for the end-user (I am connected on the internet? This is a security issue!).
My question:
is there a way to pre-register the jar's key somewhere in the mozilla config, or java plugin preferences ?
or should I buy a "certified authority" certificate ? I never used this kind of stuff - does it needs to connect to the web to verify the key? this is not very clear
should I run my own local "CA" server, packaged with the standalone browser ?