| Author |
Signing a JAR using a certificate
|
Tokai Moshai
Greenhorn
Joined: May 24, 2006
Posts: 16
|
|
Hi, I've already spent hours on this, please post if you know whats going on. Thank you very much.
Here is the problem: I've a certificate file, say name is: mycert.crt. I've a JAR applet named myapplet.jar. I need to sign the applet so that it runs on a website. I know the private key and public key of the certificate. I tried to import it using the keytool:
Then I tried to sign the jar file using the following:
When I verify it, it says the JAR is signed.
However, when I try to run it I get the error message: The jar is signed but the application's digital signature is invalid (not exact wording).
I've an already signed jar that works fine but the one I try to sign does not work. Any solution?
[ May 31, 2006: Message edited by: Tokai Moshai ]
|
 |
Jeff Osborn
Greenhorn
Joined: Jun 12, 2006
Posts: 8
|
|
This can be a nightmare.
These steps take you through all that you will need to do to create a key store, a self signed certificate, export the certificate and then sign the jar
Keystore example:
1)generate key store
C:\j2sdk1.4.1_02\bin>keytool -genkey -alias ozzie -dname "cn=ozzie, ou=engr, o=YourCompanyName, c=US" -keypass ozziepassword -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword
2)generate certificate
C:\j2sdk1.4.1_02\bin>keytool -selfcert -alias ozzie -validity 1000000 -keypass ozziepassword -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword
3)export certificate
C:\j2sdk1.4.1_02\bin>keytool -certreq -alias ozzie -file C:\projectname\lib\security\ozzie.cer -keypass ozziepassword -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword
4)sign the jar
C:\j2sdk1.4.1_02\bin>jarsigner.exe -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword C:\projectname\webApplication\dps.jar ozzie
Note: Assumes java is installed at C:\j2sdk1.4.1_02\ ;-)
Note: The keytool will create the keystore C:\projectname\lib\security\.keystore can be left off to default to the jdk keystore (java.home\lib\security\.keystore), but you really don't not want to mess with the jdk keystore and have to reinstall.
Note: MAKE SURE you write down the passwords used. In this case ozziepassword.
The standard SDK documentation will have both the keytool and the jarsigner in them. They are a little hard to read though.
Another good post is..
How to self sign
You should still get a dialog that will ask you if you trust this applet, because it has not been signed by a known Root Authority, but it is good enough for development. Pick 'yes always' and you will be good to go.
Good Luck,
Jeff
|
Jeff Osborn<br />Procelerate Technologies<br /><a href="http://procelerate.com" target="_blank" rel="nofollow">procelerate.com</a>
|
|
Rohan Kalbhor
Ranch Hand
Joined: Aug 18, 2006
Posts: 78
|
|
Hi Jeff,
That was really very helpful.
I was searching for a document of such a kind for a long time.....
 
|
..............................<br />Exceptions are a part of possibility<br />Errors are a part of truth<br />................................
|
|
 |
|
|
subject: Signing a JAR using a certificate
|
|
|
0
