10 Replies Latest reply: Jun 16, 2010 9:16 PM by EJP RSS

    Signing a Jar File

    843804
      Hi!

      I need to sign a .jar file, but I have two doubts.

      First Doubt:
      I have signed my jar file by keytools and jarsigner. But my certificate is only for 6 months, I need a indefinied certificate or that the time of this will be 5 o more years.

      Second Doubt:
      If I want a "official certificate", what will I do?

      Thanks!!!!!


      Martí
        • 1. Re: Signing a Jar File
          793415
          marti_ni wrote:
          ..I need to sign a .jar file, but I have two doubts.

          First Doubt:
          I have signed my jar file by keytools and jarsigner. But my certificate is only for 6 months, I need a indefinied certificate or that the time of this will be 5 o more years.
          The validity period of the certificate can be specified in the arguments to keytool.
          [http://java.sun.com/javase/6/docs/technotes/tools/windows/keytool.html#OptionDefaults]
          Second Doubt:
          If I want a "official certificate", what will I do?
          The term you are looking for is 'verified'. The people that issue such certificates (supposedly) verify that you are who you claim to be.

          The way to get such a certificate is to pay lots of money to the high-way robbers(1) that sell them, and jump through all their hoops of identification.

          1) I've heard it said the verification justifies the cost, but I truly doubt the verification goes much beyond having a careful look at the documents supplied by the applicant. Further, the renewal cost of certificates for a verified entity should be minimal - whereas the actual cost is almost as much as the original certificate.
          Thanks!!!!!
          BTW:
          - Please save your 'doubts' for religion, politicians and used-car salesmen (and claims by the CAs that provide verified code signing certificates). The correct word is question.
          - Please fix that sticky '!' key.
          • 2. Re: Signing a Jar File
            843804
            Hi AndrewThompson64!

            I haven't enought works....
            ...a lot of Thanks :)

            Your help has been totally for me ;)


            Martí
            • 3. Re: Signing a Jar File
              843804
              Hi!

              I have a problem, If I create a certificate, when I run the applet, if runs a message like as "the certificated hasn't benn verified". I understant the problem, because I haven't the "juridic power" for this.

              But, my "client" doesn't like this message. My question is: Is possible to found a free o cheap certificate? What companies does certificates?

              Another question, that I don't understand,
              I understand that the applet needs a certificate when who "open" anything in user PC o another computer that it hasn't own server. But my applet only opens files (pictures, txt files) in his server by absolute url's.

              Please, can you help me,

              Thanks,

              Martí
              • 4. Re: Signing a Jar File
                793415
                marti_ni wrote:
                Hi!

                I have a problem, If I create a certificate, when I run the applet, if runs a message like as "the certificated hasn't benn verified". I understant the problem, because I haven't the "juridic power" for this.

                But, my "client" doesn't like this message. ..
                The client never does. ;-)
                ..My question is: Is possible to found a free o cheap certificate? What companies does certificates?
                (shrugs) My clients are 'me and my users', I've gotten used to the message and my end-users either get over it or go elsewhere. I mention that simply to underline that it is not something I've looked deeply into, and your Google is as close as mine.

                Having said that, VeriSign/Thawte (one of which bought out the other) are the only company (off the top of my head) that supplies code signing certificates. They used to have a FreeMail certificate that was fully verified, but I think that was dropped long ago.
                Another question, that I don't understand,
                I understand that the applet needs a certificate when who "open" anything in user PC o another computer that it hasn't own server. ..
                Neither is entirely true of recent JREs.
                - As of Java 1.5 or 1.6, Sun relaxed the rules to allow applets to do cross-site resource access. This results in the user being prompted for permission when the cross-site access is requested by the applet.
                - Since the Plug-In2 architecture was introduced, JWS enabled applets could be embedded in a web page. JWS provides the JNLP API, which in turn has classes like the FileOpenService and FileContents. These classes allow even sand-boxed apps. to get access to the local file-system. Here is my [demo. of the file services|http://pscode.org/jws/api.html#fs].
                ..But my applet only opens files (pictures, txt files) in his server by absolute url's.
                OK, now I'm a little confused as to what you mean by getting resources from another computer that is not a server by absolute URL. To help me understand, can you provide an example URL?
                • 5. Re: Signing a Jar File
                  843804
                  Hi!

                  Thanks,

                  At this time, I haven't enought time,

                  about:
                  OK, now I'm a little confused as to what you mean by getting resources from another computer that is not a server by absolute URL. To help me understand, can you provide an example URL?
                  My applet is in JavaFX, I rode in other web page, that it only is necessary the certificate if aplication do anything that is not on your own server. My application only "open" pictures and txt files in his server, in consequence I don't understand why I need the certificate. I thinked that is possible that I need the certificate because when my application open a file (in his server) who does this thing by: url: "http://www.myserver.com/mypicture.jpg (in other words, I use absolute ways)....Is it possible that I don't need the certificate If I use "relative routes" (url:"/mypicture.jpg").

                  I dont know.... :S

                  But mi client doesn't like the "certificate message"... :(

                  Thanks for your help.

                  Martí
                  • 6. Re: Signing a Jar File
                    843804
                    Hi!

                    I solvented my problem,

                    I have a Google Maps in my application, and in consequence my application ran a connection out of his own server.
                    I deleted this, and now I don't need the certificate.


                    Thanks for all,

                    Martí
                    • 7. Re: Signing a Jar File
                      843804
                      (shrugs) My clients are 'me and my users', I've gotten used to the message and my end-users either get over it or go elsewhere. I mention that simply to underline that it is not something I've looked deeply into, and your Google is as close as mine.

                      Having said that, VeriSign/Thawte (one of which bought out the other) are the only company (off the top of my head) that supplies code signing certificates. They used to have a FreeMail certificate that was fully verified, but I think that was dropped long ago.
                      • 8. Re: Signing a Jar File
                        EJP
                        Pointless partial duplicate of this blocked.
                        • 9. Re: Signing a Jar File
                          843804
                          The best answer I figure would to both compress and expand the air at ambient temperature instead of adiabatically.
                          • 10. Re: Signing a Jar File
                            EJP
                            More rubbish blocked.