I need to change expiry date of jar being signed by a certificate to say 30 days. Hence I execute in sequence (I provide relevant inputs for the first command). But in-spite of the -validity option being given as 30 days, the jarsigner command says the certificate expires after 6 months(which is default). How can I change this any idea ? Below is the list of commands i use
keytool -genkey -keystore test -alias testAlias -validity 30 <br>
keytool -selfcert -alias testAlias -keystore test <br>
jarsigner -keystore "C:\test" "C:\some.jar" testAlias
Your key has a validity of 30 days; the certificate that you are generating and signing with that key is not being specified, and so defaults to 180 days.
It is the value of the -validity
flag specified in the -selfcert
command that is important here. I just tested this:
cp myKeystore myKeystore-TEST
keytool -selfcert -validity 30 -alias myAlias -keystore myKeystore-TEST
jarsigner -keystore myKeystore-TEST myApplet.jar myAlias
and when the browser popped up the dialog, I could verify that the expiration date was listed as today+30 days. jarsigner -verbose -certs -verify myApplet.jar
is much more verbose, listing summary of the certificate and the key as well:
sm 697 Thu Dec 01 04:02:34 EST 2011 applet/Main.class
X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
[certificate will expire on 12/31/11 12:48 PM]
X.509, CN=Todd Kaufmann, OU=Unknown, O=..., L=Pittsburgh, ST=PA, C=US
[certificate will expire on 1/23/12 4:08 AM]
...
s = signature was verified
m = entry is listed in manifest
Where 12/31/11 is 30 days from my test now, and the other date is 90 days after I created the keystore, which I can verify with keytool -v -list -keystore myKeystore-TEST
. The man page for keytool
says 90 days is the default for keys.
来源:https://stackoverflow.com/questions/5419425/to-change-jar-expiry-time