Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Problem with signing a JAR file !!

Posted on 2002-06-27
18
240 Views
Last Modified: 2010-03-31
Hi experts !!
I have tried signing JAR files a number of times but every time if failes. I even verified whether the JAR was signed which output's the term VERIFIED to the console.
Yet, when I run the applet on the browser it throws a security exception.

I created a keystore by specifying all required options. then used the keystore to sign the JAR using the jarsigner tool.

Wanna know how I could get the JAR signed correctly.
If U can explain this process briefly I guess it would do.

ThankX !!
--Din--

0
Comment
Question by:dineth
  • 7
  • 5
  • 4
  • +1
18 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 7115002
Have you given the browser the key?
0
 

Author Comment

by:dineth
ID: 7115143
Hi CEHJ !!
How could that be done ?? please explain
0
 
LVL 86

Accepted Solution

by:
CEHJ earned 100 total points
ID: 7115159
The point here is that the browser must be in possession of a valid certificate, or signing the applet alone will not work. I'm not an expert on this sort of thing, but I think it's easier to import test certificates in Netscape. Maybe this link will help:
http://developer.netscape.com/docs/manuals/signedobj/signtool/signcert.htm#1027981
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 92

Expert Comment

by:objects
ID: 7115404
What browser are we talking about?
0
 
LVL 92

Expert Comment

by:objects
ID: 7115405
IE uses cab's and not signed jars.
0
 
LVL 35

Expert Comment

by:girionis
ID: 8893477
No comment has been added lately, so it's time to clean up this TA.

I will leave a recommendation in the Cleanup topic area that this question is:

- points to CEHJ

Please leave any comments here within the
next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

girionis
Cleanup Volunteer
0
 
LVL 92

Assisted Solution

by:objects
objects earned 100 total points
ID: 8897991
> The point here is that the browser must be in possession of a valid certificate

This is not true. The cert is installed automatically when the user grants it rights.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 8900623
>>The cert is installed automatically when the user grants it rights.

It still must be valid part of a chain surely?
0
 
LVL 35

Expert Comment

by:girionis
ID: 8900730
 There must be a certificate somewhere in order to work. Another reason for recommending CEHJ's comment as answer is that the link provided is a valid one and explains how to do it.
0
 
LVL 92

Expert Comment

by:objects
ID: 8907308
> It still must be valid part of a chain surely?

No. Go to any site that uses signed jars and you can use them without having to import anything.

> Another reason for recommending CEHJ's comment as answer is that the link
> provided is a valid one and explains how to do it.

That link discusses importing test certs. The question mentions nothing about a test cert.


0
 
LVL 86

Expert Comment

by:CEHJ
ID: 8908197
>>Go to any site that uses signed jars and you can use them without having to import anything

That's great. That must mean nobody needs to buy a certificate - simply create their own and sign the jar (?)
btw, nobody was mentioning having to import anything.
0
 
LVL 35

Expert Comment

by:girionis
ID: 8908267
> That link discusses importing test certs. The question mentions nothing about a test cert.

  The process is the same for both test and production certificates.
0
 
LVL 92

Expert Comment

by:objects
ID: 8910343
> simply create their own and sign the jar (?)

Not sure I fillow what you mean.

> btw, nobody was mentioning having to import anything.

Isn't that what the link you posted discusses?

> The process is the same for both test and production certificates.

Not true. There is no need for users to manually import production certs
0
 
LVL 35

Expert Comment

by:girionis
ID: 8912034
> Not true. There is no need for users to manually import production certs

  AFAIK there is no need to import test certificates as well. You just need to trust the test issuer and accept the certificate.
0
 
LVL 92

Expert Comment

by:objects
ID: 8913703
>  AFAIK there is no need to import test certificates as well. You just need to trust
>  the test issuer and accept the certificate.

Why did you recomend the above comment as an answer if that is the case?

There are many reasons that could be causing this problem, dineth has not suppied sufficient information to determine the cause.
0
 
LVL 35

Expert Comment

by:girionis
ID: 8915394
> Why did you recomend the above comment as an answer if that is the case?

  Because once you accept the certificate it is imported in the system and saved in the database of trusted certificates, hence you do not have to accept it again. Therefore the system is in possesion of a valid certificate, regardless if it is from a trusted or untrusted source. For the browser it is valid as far as the browser is concerned.

  Anyway, I see where you are getting. CEHJ is talking about manually importing certificates whether you say that the certificate is imported automatically when the user accepts it. In either case it will work, it is just that CEHJ's suggestion requires a bit more of work.

  The best thing would be for the asker to get back and clarify, but since the question is probably abandonded the only thing I can do is to recommend CEHJ's comment as answer since it provides a possible solution.
0
 
LVL 92

Expert Comment

by:objects
ID: 8915440
> recommend CEHJ's comment as answer since it provides a possible solution.

If the cert is automatically imported then I'm not sure I understand how importing it would fix the problem.

As i suggested above the problem could also have been caused by (among other reasons) not using plugin. Seems more likely than the cert somehow not loading.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For customizing the look of your lightweight component and making it look lucid like it was made of glass. Or: how to make your component more Apple-ish ;) This tip assumes your component to be of rectangular shape and completely opaque. (COD…
Introduction This article is the last of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers our test design approach and then goes through a simple test case example, how …
Viewers learn about the third conditional statement “else if” and use it in an example program. Then additional information about conditional statements is provided, covering the topic thoroughly. Viewers learn about the third conditional statement …
Viewers will learn about if statements in Java and their use The if statement: The condition required to create an if statement: Variations of if statements: An example using if statements:

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question