This content has been marked as final. Show 2 replies
The way I would go about handling this problem is the same basic way I would go about handling the problem of presenting the user with a trusted applet or Java Web Start application that is signed with a certificate that is not verified by a Certification Authority.
The idea is to put an explanation on the page that links to the applet or launches the JWS app. that explains..
1) That the code needs to be trusted for the reasons (insert reasons here)
2) That the code signing certificate was created by me and is for signing code coming from my site, which is much cheaper than paying the highway robbers that verify code certificates (the CAs), to confirm I am who I say I am.
3) That the user needs to click 'OK' when prompted, in order to use the app.
Of course, if your code signing certificate is verified, you can skip instruction (2).