Win a copy of Testing JavaScript Applications this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

Signing a JAR using a certificate

 
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, I've already spent hours on this, please post if you know whats going on. Thank you very much.

Here is the problem: I've a certificate file, say name is: mycert.crt. I've a JAR applet named myapplet.jar. I need to sign the applet so that it runs on a website. I know the private key and public key of the certificate. I tried to import it using the keytool:


Then I tried to sign the jar file using the following:


When I verify it, it says the JAR is signed.

However, when I try to run it I get the error message: The jar is signed but the application's digital signature is invalid (not exact wording).

I've an already signed jar that works fine but the one I try to sign does not work. Any solution?
[ May 31, 2006: Message edited by: Tokai Moshai ]
 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This can be a nightmare.

These steps take you through all that you will need to do to create a key store, a self signed certificate, export the certificate and then sign the jar

Keystore example:

1)generate key store
C:\j2sdk1.4.1_02\bin>keytool -genkey -alias ozzie -dname "cn=ozzie, ou=engr, o=YourCompanyName, c=US" -keypass ozziepassword -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword

2)generate certificate
C:\j2sdk1.4.1_02\bin>keytool -selfcert -alias ozzie -validity 1000000 -keypass ozziepassword -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword

3)export certificate
C:\j2sdk1.4.1_02\bin>keytool -certreq -alias ozzie -file C:\projectname\lib\security\ozzie.cer -keypass ozziepassword -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword

4)sign the jar
C:\j2sdk1.4.1_02\bin>jarsigner.exe -keystore C:\projectname\lib\security\.keystore -storepass ozziepassword C:\projectname\webApplication\dps.jar ozzie

Note: Assumes java is installed at C:\j2sdk1.4.1_02\ ;-)
Note: The keytool will create the keystore C:\projectname\lib\security\.keystore can be left off to default to the jdk keystore (java.home\lib\security\.keystore), but you really don't not want to mess with the jdk keystore and have to reinstall.
Note: MAKE SURE you write down the passwords used. In this case ozziepassword.

The standard SDK documentation will have both the keytool and the jarsigner in them. They are a little hard to read though.

Another good post is..
How to self sign


You should still get a dialog that will ask you if you trust this applet, because it has not been signed by a known Root Authority, but it is good enough for development. Pick 'yes always' and you will be good to go.

Good Luck,

Jeff
 
Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Jeff,

That was really very helpful.
I was searching for a document of such a kind for a long time.....

 
Think of how stupid the average person is. And how half of them are stupider than that. But who reads this tiny ad?
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic