The Firefox id selector (0.9.4) now displays the issuer logo from the relying party's X509 certificate again. I had added that code last autumn, but the code calling this code was lost when Chuck redesigned the GUI in preparation for an IIW. I never cared much to put it back in, because I was kind of frustrated with EV certificates. I tried really hard to generate an EV certificate; I generated a CA certificate and put it in the "trusted" store. Next I used that to generate an SSL server certificate which had everything in it that is required to comply with the Certificate Guidelines. But neither IE7 nor CardSpace accepted this as an EV certificate. Then I learned that being an EV certificate is not a matter of the certificate but a matter of the certificate store. Microsoft developers have a custom tool to turn a certificate inside the store into an EV certificate :-{
Well, this weekend I put the code back in. Here are two pictures of the Firefox id selector displaying the issuer logo from my own local relying party
and the issuer logo from VeriSign's PIP relying party.
The logotype ASN.1 stuff is here. The Java code to generate my own SSL server certificate with logotype support is here in org.xmldap.util.CertsAndKeys.java.
Example code showing how to use the code is in the JUnit test org.xmldap.asn1.LogotypeTest.java.