This is what happened to me and I will explain what I had to do to get over this new security requirements and kept your application running.
The first step is get a code signing certificate with an certificate authority (CA), there are different CA and here are some of them:
The process to get the certificate is the following:
First you will have to request the CA for a certificate, and for this you will need a Keystore and a Certificate Signing Request (CSR), these are generated with the keytool.
For generate the keystore use the following command:
keytool -genkey -alias Alias -keyalg RSA -keysize 2048 -keystore Keysotre.jks
First you will have to request the CA for a certificate, and for this you will need a Keystore and a Certificate Signing Request (CSR), these are generated with the keytool.
For generate the keystore use the following command:
keytool -genkey -alias Alias -keyalg RSA -keysize 2048 -keystore Keysotre.jks
And for generate the CSR use the following command:
keytool -certreq -alias Alias -file Cert.csr -keystore Keysotre.jks
Each command will ask you for a password, after generating these files you will send the CSR file to the CA.
After the CA generates the certificate, it will send you the certificate, it is a file with probably one of the following extensions: PEM, DER, P7B, PFX, depending in the type of certificate, you can find more about the certificate types in this link: www.sslshopper.com/ssl-converter.html
Once you have the certificate with you, you will have to import it using the keytool, with the following command:
keytool -import -trustcacerts -alias Alias -file CAcert.p7b -keystore Keysotre.jks
Make sure you use the same keystore file used in the generation of the CSR file. You can find more information of the keytool command in the following link:
With this the jars files can be signed using the jarsigner command:
jarsigner -keystore Keysotre.jks -storepass password file.jar Alias
With these steps the jar file gets signed, but there is much more about this process of signing a jar.
Before the new features that were added in the latest releases of the JVM (1.7.XX) this was all you have to do to meet the security requirements for a web start application just sign the jars of the application.
These are some of the new features:
The META-INF/MANIFEST.MF file of the jar files must have the following attributes to grant permissions
Manifest-Version: 1.0
Permissions: all-permissions
Codebase: https://example.com
In this link you can find the new attributes of the Manifest file http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html
Another feature is to sign the JNLP file, the oracle documents says the following in order to sign a JNLP file:
"To create a signed JNLP file you don't sign the JNLP file itself, but you include the JNLP file inside the directory structure before the JAR file is created and then signed. The JNLP file must be named APPLICATION.JNLP and is included in the JNLP-INF subdirectory. The JAR file is then created and signed in the usual manner. When a web start application is started, the JNLP file used must be identical to the JNLP file in the signed JAR in order for the application to run".
You can find more information about signing JNLP files in the following link: http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/signedJNLP.html
Well these are some of the new requirements in order to run properly a web start application, I hope with this blog you can now have an idea of what to do if your web start application does not run because of security issues.
"Thanks for sharing VEMLIDY ( Tenofovir Alafenamide 25 mg ) used to treat the HBV (chronic hepatitis B virus ) and HIV in the adult. Its Uses, Price, Cost,Side Effects. Generic Vemlidy
ReplyDeleteVemlidy generic
Vemlidy 25mg
Taf 25mg
Tenofovir Alafenamide 25mg"
Very informative article. Thanks for sharing this. midea aircon servicing Singapore
ReplyDelete