My company is developing a Firefox 1.0 extension and we would like to digitally sign the XPI. However, Firefox will not recognize the XPI as being signed. We have a certificate from a reputable CA, and have attempted to sign the file using Java's keytool/jarsigner and Netscape signtool. In both cases, the resulting XPI contains a META-INF directory containing the files manifest.mf, zigbert.rsa and zigbert.sf. ( For the Java tools the names of the rsa and sf files are a prefix of the owner of the certificate).
In examining the problem, I also tried to install the "simple signed XPI testcase" at http://www.mozilla.org/projects/xpinstall/signed/testcases/, but Firefox did not recognize this as being signed either. The only XPI that appears in Firefox as being signed is http://www.swiftview.com/product/sv_710/svinstall_p.xpi (cf Bugzilla post https://bugzilla.mozilla.org/show_bug.cgi?id=273406 ). Has anyone else experienced this problem, and know if special steps must be taken in signing XPIs? Also, to examine the problem further, I would like to try to install other signed XPIs, but in general I have had difficulty finding signed XPI files. If anyone knows of any others please let me know. Tom _______________________________________________ Mozilla-xpinstall mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-xpinstall
