Thawte and Java Code Signing.
» Tagged as: security
When it comes to java code signing it seems we have to choose between the devil and the deep blue sea (Thawte and Verisign). Unfortunately they are two sides of the same coin. Thawte is owned by verisign.
Their prices though are slightly different, with thawte's been lower (but still outrageous). It wouldn't matter if they treated their customers right or had a website that worked or had sufficient documentation on it. They have compensated for that by hiring a bunch of stand up comedians as their support staff.
I have renewed code signing certificates often enough to know how it works (even though there is no documentation to speak of on the Thawte site). First up I created a CSR using Keytool and had it tested using the form on their site - It passed the test.
Next I enterd my credit card information and hit submit? what do I get a blank page. Now I am unsure whether the transaction has been processed or whether there has been an error. I waited 24 hours (giving sufficient time for the credit card online statement to be updated) before trying again. Same result. Now I write my first mail to thawte.
A little later I try again using the Safari browser (earlier I used firefox on OS X). Still the same result. Then I try again - this time with Camino? The thawte site stubbornly refuse to produce anything more than a blank page. Now I send my second mail.
Then it's time to try it out on linux no prizes for guessing the result - a blank page. Now it's time for a third email.