Discussions
Categories
- 382.3K All Categories
- 2.1K Data
- 209 Big Data Appliance
- 1.9K Data Science
- 447.9K Databases
- 220.9K General Database Discussions
- 3.7K Java and JavaScript in the Database
- 25 Multilingual Engine
- 520 MySQL Community Space
- 467 NoSQL Database
- 7.8K Oracle Database Express Edition (XE)
- 2.9K ORDS, SODA & JSON in the Database
- 492 SQLcl
- 3.9K SQL Developer Data Modeler
- 186.2K SQL & PL/SQL
- 21K SQL Developer
- 293.3K Development
- 7 Developer Projects
- 128 Programming Languages
- 290K Development Tools
- 95 DevOps
- 3K QA/Testing
- 645.5K Java
- 24 Java Learning Subscription
- 36.9K Database Connectivity
- 149 Java Community Process
- 104 Java 25
- 22.1K Java APIs
- 137.9K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 16 Java Essentials
- 144 Java 8 Questions
- 85.9K Java Programming
- 79 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.2K Java SE
- 13.8K Java Security
- 198 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 265 LiveLabs
- 36 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.8K Other Languages
- 2.3K Chinese
- 166 Deutsche Oracle Community
- 1.2K Español
- 1.9K Japanese
- 230 Portuguese
How to use a Ca signed certificate for code signing in eclipse
eclipse neon sp1
Java 8 / javaMe 8
The Keystore contains 3 certificate entries: The certificate of the issuer ca, the codesigner certificate generated with openssl signed by issuer ca and a self signed certificate generated with the create new key pair button labeled: "me signer".
The keystore is referenced from eclipse and on the page Java ME/signing all certificates hold by the store are visible.
simple test:
IMletDemo, application descriptor, security tab, "sign generated packages" is checked. For Sign Properties:key alias to use, only the self signed certificate can be selected. The others are not visible.
Questions:
why? comparing the selfsigned cerificate and the openssl generated, w.r.t extensions and purpose both are identical! Of course the keys and hash are different, but this is normal I think.
doing a "keytool -list", the selfsigned certificate is labeled privateKeyEntry, while the other has the attribute trustedCertEntry. I hope this difference is not the cause and is due to the fact that one is selfsigned and the others have a correct certification chain. If this is not the case, please explain why!
Of course this is only half the way. More important would be to now, what kind of required permissions with what of value must be added to get the program working. Where can this information be found? Preferably with explications, to know what ist required and why it must be added. Background knowledge!
Answers
-
The problem is, it doesn't work, if key and certificate are generated by openssl! The keypair must be generated using the keytool! Use:
keytool -genkeypair -keyalg rsa -keysize 2048 -alias nameofchoice -keystore ifNotwithinSameDirectory -keypass yourchoice
More parameters can be given. what is missing is requested interactively.
Then a certification request can be generated:
keytool -certreq -alias sameAsAbove -keypass same -file yourchoice.csr
The generated file can be signed by the CA getting a file yourchoice.crt which then can be reimported into the keystore with:
keytool -importcert -alias alwaysTheSame -file yourchoice.crt
Now the certificate can be used to sign code. It works, however doing so the programm execution fails.
Unsigned it works, signed it fails. But this is the next issue!