Hi,
We are using a Thawte Code Signing Certificate which expires in about 2 years.
After those two years are over, we will have to renew it to have a valid certificate for signing our Jar files. Our customers use JNLP files which include more than one Jar file. Let's say they look like this:
... <jar href="File1.jar" main="true"/>
<jar href="File2.jar"/>....
What happens if we have to send our customers an update of "File2.jar" in 2 years? This is a problem, because "File2.jar" will then have to be signed with the renewed certificate, whereas "File1.jar" is signed with the old certificate.
All Jar files in one JNLP file must be signed with the same certificate, so the question is: does JWS treat a certificate and its renewal as one certificate?
There would be two workarounds for the problem:
Workaround 1: When delivering the update for "File2.jar", deliver "File1.jar" as well, signed with the renewed certificate.
Workaround 2: Put "File2.jar" into an extension.
Neither of these appears to me to be a very convincing thing to tell a customer, though.
Any help will be appreciated.
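
Workaround 2 from the post above, sketched as an added example that is not part of the original post: the same-certificate check applies per JNLP file, so moving "File2.jar" into a component extension lets it carry a different signing certificate from "File1.jar". The codebase URL, titles, main class and the name File2-ext.jnlp are assumptions made for illustration.

```xml
<!-- app.jnlp (main descriptor): File1.jar stays signed with the old certificate -->
<jnlp spec="1.0+" codebase="https://example.invalid/app/" href="app.jnlp">
  <information>
    <title>Example Application</title>   <!-- placeholder -->
    <vendor>Example Vendor</vendor>      <!-- placeholder -->
  </information>
  <security>
    <all-permissions/>
  </security>
  <resources>
    <jar href="File1.jar" main="true"/>
    <!-- File2.jar is no longer listed here; it is pulled in through the extension -->
    <extension name="File2 component" href="File2-ext.jnlp"/>
  </resources>
  <application-desc main-class="com.example.Main"/> <!-- hypothetical class -->
</jnlp>

<!-- File2-ext.jnlp (separate file): File2.jar can be signed with the renewed certificate -->
<jnlp spec="1.0+" codebase="https://example.invalid/app/" href="File2-ext.jnlp">
  <information>
    <title>File2 component</title>       <!-- placeholder -->
    <vendor>Example Vendor</vendor>      <!-- placeholder -->
  </information>
  <security>
    <!-- the extension requests its own permissions, backed by its own signature -->
    <all-permissions/>
  </security>
  <resources>
    <jar href="File2.jar"/>
  </resources>
  <!-- component-desc marks this descriptor as a component extension, not an application -->
  <component-desc/>
</jnlp>
```

Running `jarsigner -verify -verbose -certs` on each jar shows which certificate signed it, which is a quick way to confirm that every jar listed in a single descriptor shares one signer before publishing an update.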