stackoom
  简体   繁体   中英

Signing my applet with trusted certificate

 原文  2014-12-04 18:42:59       java/ jar/ applet/ certificate

Question

I recently made an applet and when I embedded it into my site Java blocks it because it is not signed by a trusted authority.

I have downloaded a certification from CACert (.crt & .cer files) and I have my jar file (FollowMe.jar).

After a few hours searching on google how to sign the jar file with the crt file I'm still not able to do it. Could someone please help me? This is so frustrating.

2 answers

solution1
 1  2014-12-06 21:52:52

To sign a jar you need a keystore with a private key (normally on PCKS12 or JKS format) in your question it's not clear to me if you have a private key or not since you comment that:

I have downloaded a certification from CACert

It's sounds confusing to me, anywise I assume that you have a correct keystore, due to sign a jar you can use the follow instruction using jarsigner which is found in $JAVA_HOME/bin : 

jarsigner -keystore [yourKeystore] -storeType [PKCS12 or JKS] [yourApplet.jar] [keyAlias]

If like I suspect you're trying to sign the jar with a certificate without private key you've to know that this is not possible, you need a private key to perform this operation. You've the follow options:

  1. Generate a keypair with selfsigned certificate using keytool (which is also in $JAVA_HOME/bin ) with a command like follows:

keytool -genkey -keyalg [RSA or another] -alias [yourkeyalias] -keystore [yourkeystore.jks] -storepass [keystorePassword] -validity [validity period for your certificate in days] -keysize [key size for algorithm in RSA for example 2048]

Then fill the prompts about the subjectDN of your certificate.

Note that with the selfsigned certificate you can generate a keystore to make a test to sign your jar however in order that jvm recognize your applet as trusted you cannot sign the applet with a self signed certificate, instead you've to sign it with a key and a certificate signed with a trusted certificate authority for java code signing. So see the second option.

  1. Generate a key and a csr (certificate signing request) and make a request to a certificate authority which generates code signing java certificates to sign your csr and generate a certificate. Then put the certificate, key, and cert chain to the keystore and sign the jar file with the jarsigner command. You can see the instructions in one of many java code signing vendors like Symantec , Thawte , Digicert , Globalsign , Entrust or some others (you can make a search through google :).

Hope this helps,

solution2
 0  2014-12-04 19:04:57

The below is a common way of doing things: 

keytool -import -trustcacerts -alias appletCert -file CAcert.crt
jarsigner "C:\path\FollowMe.jar" appletCert

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Where to obtain trusted certificate for my applet? can I check if a Java applet certificate is trusted before running my applet? Signing a jar file with trusted certificate for JWS deployment UNKNOWN publisher even after signing the JAR using trusted certificate Applet signing information Signing a Java Applet SELinux, Fedora, and Trusted Applet crashing? SAML trusted certificate Could not find trusted certificate Certificate is trusted only once
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM