Discussions
Categories
- 197K All Categories
- 2.5K Data
- 546 Big Data Appliance
- 1.9K Data Science
- 450.8K Databases
- 221.9K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 31 Multilingual Engine
- 552 MySQL Community Space
- 479 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3.1K ORDS, SODA & JSON in the Database
- 556 SQLcl
- 4K SQL Developer Data Modeler
- 187.2K SQL & PL/SQL
- 21.4K SQL Developer
- 296.4K Development
- 17 Developer Projects
- 139 Programming Languages
- 293.1K Development Tools
- 110 DevOps
- 3.1K QA/Testing
- 646.1K Java
- 28 Java Learning Subscription
- 37K Database Connectivity
- 159 Java Community Process
- 105 Java 25
- 22.1K Java APIs
- 138.2K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 19 Java Essentials
- 162 Java 8 Questions
- 86K Java Programming
- 81 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 205 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 471 LiveLabs
- 39 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 175 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 233 Portuguese
How to use a Ca signed certificate for code signing in eclipse
eclipse neon sp1
Java 8 / javaMe 8
The Keystore contains 3 certificate entries: The certificate of the issuer ca, the codesigner certificate generated with openssl signed by issuer ca and a self signed certificate generated with the create new key pair button labeled: "me signer".
The keystore is referenced from eclipse and on the page Java ME/signing all certificates hold by the store are visible.
simple test:
IMletDemo, application descriptor, security tab, "sign generated packages" is checked. For Sign Properties:key alias to use, only the self signed certificate can be selected. The others are not visible.
Questions:
why? comparing the selfsigned cerificate and the openssl generated, w.r.t extensions and purpose both are identical! Of course the keys and hash are different, but this is normal I think.
doing a "keytool -list", the selfsigned certificate is labeled privateKeyEntry, while the other has the attribute trustedCertEntry. I hope this difference is not the cause and is due to the fact that one is selfsigned and the others have a correct certification chain. If this is not the case, please explain why!
Of course this is only half the way. More important would be to now, what kind of required permissions with what of value must be added to get the program working. Where can this information be found? Preferably with explications, to know what ist required and why it must be added. Background knowledge!
Answers
-
The problem is, it doesn't work, if key and certificate are generated by openssl! The keypair must be generated using the keytool! Use:
keytool -genkeypair -keyalg rsa -keysize 2048 -alias nameofchoice -keystore ifNotwithinSameDirectory -keypass yourchoice
More parameters can be given. what is missing is requested interactively.
Then a certification request can be generated:
keytool -certreq -alias sameAsAbove -keypass same -file yourchoice.csr
The generated file can be signed by the CA getting a file yourchoice.crt which then can be reimported into the keystore with:
keytool -importcert -alias alwaysTheSame -file yourchoice.crt
Now the certificate can be used to sign code. It works, however doing so the programm execution fails.
Unsigned it works, signed it fails. But this is the next issue!