certificate expired while launching Java webstart application

Hi,

We are using Java Webstart for one of the requirements(downloading files) in the applicaton which are developed by 3rd party vendors earlier.Now when we access the application we are getting certificate is expired.

I think all jars must be signed to launch JNLP application.Please confirm.

I have tried to remove files (*.SF, *.RSA) files in MANIFEST-MF But when we access the application getting 'unsigned resource access to http-mime-4.2.2.5.jar';
I think we can't launch JNLP Webstart application without signed jars.Please confirm.

https://kbdeveloper.qoppa.com/removing-a-signature-from-a-signed-jar-file/

 Followed the steps below to remove a signature from a jar file
******************************************************************
Open the jar using WinRar or Winzip (jars are actually zip files)
Go into the META-INF directory
Delete all files (*.SF, *.RSA) but keep MANIFEST-MF.



Executed jarsigner command on each jar  which are used and all are expired last year(10th Oct'17) itself and as you see all jars are signed with certificate.

I have few clarifcations.

1)What certificates does digicert give after taking renewal from them?
2)How to sign all the jars again?Please provide the command?

jarsigner -verify -certs -verbose download-manager.jar

s       9619 Mon Nov 10 15:55:56 EST 2014 META-INF/MANIFEST.MF

      X.509, CN="XXXXXXXX.", O="XXXXXXXX.", L=DDDDD, S
T=Calif, C=US
      [certificate expired on 10/10/17 8:00 AM]
      X.509, CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O
=DigiCert Inc, C=US
      [certificate is valid from 10/22/13 8:00 AM to 10/22/28 8:00 AM]
      X.509, CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc
, C=US
      [certificate is valid from 11/9/06 7:00 PM to 11/9/31 7:00 PM]

        9376 Mon Nov 10 15:55:56 EST 2014 META-INF/SERVER.SF
        4108 Mon Nov 10 15:55:56 EST 2014 META-INF/SERVER.RSA
           0 Mon Nov 10 15:55:22 EST 2014 META-INF/
           0 Mon Nov 10 15:55:24 EST 2014 META-INF/maven/
           0 Mon Nov 10 15:55:24 EST 2014 META-INF/maven/com.xxxxxx.cms.xx/
           0 Mon Nov 10 15:55:24 EST 2014 META-INF/maven/com.xxxxxx.cms.xx/download-manager/
           0 Mon Nov 10 15:55:22 EST 2014 jnlp/
           0 Mon Nov 10 15:55:22 EST 2014 com/
           0 Mon Nov 10 15:55:22 EST 2014 com/xxxxxx/
           0 Mon Nov 10 15:55:22 EST 2014 com/xxxxxx/cms/
sm      7439 Mon Nov 10 15:55:24 EST 2014 META-INF/maven/com.xxxxxx.cms.xx/download-manager/pom.xml

      X.509, CN="XXXXXXXX.", O="XXXXXXXX.", L=DDDDD, S
T=Calif, C=US
      [certificate expired on 10/10/17 8:00 AM]
      X.509, CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O
=DigiCert Inc, C=US
      [certificate is valid from 10/22/13 8:00 AM to 10/22/28 8:00 AM]
      X.509, CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc
, C=US
      [certificate is valid from 11/9/06 7:00 PM to 11/9/31 7:00 PM]

sm       134 Mon Nov 10 15:55:24 EST 2014 META-INF/maven/com.xxxxxx.cms.xx/download-manager/pom.properties

      X.509, CN="XXXXXXXX.", O="XXXXXXXX.", L=DDDDD, S
T=Calif, C=US
      [certificate expired on 10/10/17 8:00 AM]
      X.509, CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O
=DigiCert Inc, C=US
      [certificate is valid from 10/22/13 8:00 AM to 10/22/28 8:00 AM]
      X.509, CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc
, C=US
      [certificate is valid from 11/9/06 7:00 PM to 11/9/31 7:00 PM]

sm       557 Mon Nov 10 15:55:22 EST 2014 org/xxx/FileUtilities.class

      X.509, CN="XXXXXXXX.", O="XXXXXXXX.", L=DDDDD, S
T=Calif, C=US
      [certificate expired on 10/10/17 8:00 AM]
      X.509, CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O
=DigiCert Inc, C=US
      [certificate is valid from 10/22/13 8:00 AM to 10/22/28 8:00 AM]
      X.509, CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc
, C=US
      [certificate is valid from 11/9/06 7:00 PM to 11/9/31 7:00 PM]

sm       623 Mon Nov 10 15:55:22 EST 2014 org/xxx/ExceptionUtilities.class

      X.509, CN="XXXXXXXX.", O="XXXXXXXX.", L=DDDDD, S
T=Calif, C=US
      [certificate expired on 10/10/17 8:00 AM]
      X.509, CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O
=DigiCert Inc, C=US
      [certificate is valid from 10/22/13 8:00 AM to 10/22/28 8:00 AM]
      X.509, CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc
, C=US
      [certificate is valid from 11/9/06 7:00 PM to 11/9/31 7:00 PM]


jar verified.

Warning:
This jar contains entries whose signer certificate has expired.
This jar contains signatures that does not include a timestamp. Without a timest
amp, users may not be able to validate this jar after the signer certificate's e
xpiration date (2017-10-10) or after any future revocation date.
chaituu chaituAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CEHJCommented:
I think we can't launch JNLP Webstart application without signed jars.Please confirm.
Yes that's correct in general
0
chaituu chaituAuthor Commented:
May know the reason why should we sign the jars for JNLP application?one more thing is where can  find the keystore/certificate file which are used for signing these jars?When we use jarsigner command only we got these details.
0
CEHJCommented:
Quite simply because there have been too many security problems with Java so restrictions have been tightened.
You probably need to resign them with a proper cert. I don't know your deployment details so can't say any more
0
Become a Microsoft Certified Solutions Expert

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

chaituu chaituAuthor Commented:
I have few clarifications.

1)What certificates does digicert give after taking renewal from them?
2)How to sign all the jars again?Please provide the command?
0
David Johnson, CD, MVPOwnerCommented:
1)What certificates does digicert give after taking renewal from them? The exact same certificate that you had before except the not valid time before and after dates are changed.  You have the option of how long the certificate is valid i.e. 1 year - 5 years.


You then have to import the certificate to your development machine and then sign the jars using your signing tool.
0
chaituu chaituAuthor Commented:
Thanks david.can you please let know how to import the certificate and sign the jars ??
0
David Johnson, CD, MVPOwnerCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
chaituu chaituAuthor Commented:
generated the self signed keystore file using below keystool command.

keytool -genkey -keyalg RSA -validity 30 -alias webstart -keystore webstart -keypass password -storepass password

jarsigner.exe -keystore D:\keystore\webstart -storepass 'password' -keypass 'password' -storetype JKS D:\target\download-manager-desktop.jar webstart

now i execute jarsigner command on the keystore with jar ,getting below error.


jarsigner error: java.lang.RuntimeException: keystore load: Keystore was tampered with, or password was incorrect
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java

From novice to tech pro — start learning today.